329
AWS Security Hub API Reference API Version 2018-10-26

AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

  • Upload
    others

  • View
    37

  • Download
    1

Embed Size (px)

Citation preview

Page 1: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security HubAPI Reference

API Version 2018-10-26

Page 2: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API Reference

AWS Security Hub: API ReferenceCopyright © 2020 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.

Amazon's trademarks and trade dress may not be used in connection with any product or service that is notAmazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages ordiscredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who mayor may not be affiliated with, connected to, or sponsored by Amazon.

Page 3: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API Reference

Table of ContentsWelcome .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1Actions .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

AcceptInvitation .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

BatchDisableStandards .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

BatchEnableStandards .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

BatchImportFindings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

BatchUpdateFindings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

CreateActionTarget .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

CreateInsight .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

API Version 2018-10-26iii

Page 4: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API Reference

Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

CreateMembers .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

DeclineInvitations .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

DeleteActionTarget .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

DeleteInsight .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

DeleteInvitations .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

DeleteMembers .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

DescribeActionTargets ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

API Version 2018-10-26iv

Page 5: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API Reference

Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

DescribeHub .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

DescribeProducts ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

DescribeStandards .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

DescribeStandardsControls ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

DisableImportFindingsForProduct .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

DisableSecurityHub .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

DisassociateFromMasterAccount .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

API Version 2018-10-26v

Page 6: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API Reference

Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

DisassociateMembers .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

EnableImportFindingsForProduct .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

EnableSecurityHub .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

GetEnabledStandards .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

GetFindings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

GetInsightResults ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

GetInsights ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

API Version 2018-10-26vi

Page 7: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API Reference

See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113GetInvitationsCount .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

GetMasterAccount .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

GetMembers .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

InviteMembers .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

ListEnabledProductsForImport ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

ListInvitations .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

ListMembers .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

API Version 2018-10-26vii

Page 8: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API Reference

ListTagsForResource .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

TagResource .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

UntagResource .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

UpdateActionTarget .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

UpdateFindings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

UpdateInsight .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

UpdateStandardsControl ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161URI Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161Request Body .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

Data Types .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

API Version 2018-10-26viii

Page 9: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API Reference

AccountDetails ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

ActionTarget .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167

AvailabilityZone .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168

AwsCloudFrontDistributionDetails ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

AwsCloudFrontDistributionLogging .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

AwsCloudFrontDistributionOriginItem ..... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

AwsCloudFrontDistributionOrigins .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

AwsCodeBuildProjectDetails ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

AwsCodeBuildProjectEnvironment .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

AwsCodeBuildProjectEnvironmentRegistryCredential ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178

AwsCodeBuildProjectSource .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

AwsCodeBuildProjectVpcConfig .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

AwsEc2InstanceDetails ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

AwsEc2NetworkInterfaceAttachment .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

AwsEc2NetworkInterfaceDetails ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

AwsEc2NetworkInterfaceSecurityGroup .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

AwsEc2SecurityGroupDetails ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

AwsEc2SecurityGroupIpPermission .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

AwsEc2SecurityGroupIpRange .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192

API Version 2018-10-26ix

Page 10: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API Reference

AwsEc2SecurityGroupIpv6Range .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

AwsEc2SecurityGroupPrefixListId .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

AwsEc2SecurityGroupUserIdGroupPair ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196

AwsElasticsearchDomainDetails ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198

AwsElasticsearchDomainDomainEndpointOptions .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

AwsElasticsearchDomainEncryptionAtRestOptions .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

AwsElasticsearchDomainNodeToNodeEncryptionOptions .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

AwsElasticsearchDomainVPCOptions .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

AwsElbv2LoadBalancerDetails ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

AwsIamAccessKeyDetails ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206

AwsIamRoleDetails ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208

AwsKmsKeyDetails ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

AwsLambdaFunctionCode .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

AwsLambdaFunctionDeadLetterConfig .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

AwsLambdaFunctionDetails ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

AwsLambdaFunctionEnvironment .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

AwsLambdaFunctionEnvironmentError ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

AwsLambdaFunctionLayer .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

AwsLambdaFunctionTracingConfig .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

API Version 2018-10-26x

Page 11: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API Reference

AwsLambdaFunctionVpcConfig .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

AwsLambdaLayerVersionDetails ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221

AwsRdsDbInstanceAssociatedRole .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222

AwsRdsDbInstanceDetails ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226

AwsRdsDbInstanceEndpoint ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227

AwsRdsDbInstanceVpcSecurityGroup .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

AwsS3BucketDetails ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

AwsS3BucketServerSideEncryptionByDefault ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230

AwsS3BucketServerSideEncryptionConfiguration .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231

AwsS3BucketServerSideEncryptionRule .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232

AwsS3ObjectDetails ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234

AwsSecurityFinding .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240

AwsSecurityFindingFilters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

AwsSecurityFindingIdentifier ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252

AwsSnsTopicDetails ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

AwsSnsTopicSubscription .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254

AwsSqsQueueDetails ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255

AwsWafWebAclDetails ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

AwsWafWebAclRule .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258

API Version 2018-10-26xi

Page 12: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API Reference

BatchUpdateFindingsUnprocessedFinding .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259

Compliance .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

ContainerDetails ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

DateFilter ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262

DateRange .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

ImportFindingsError ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264

Insight .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265

InsightResults ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266

InsightResultValue .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267

Invitation .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268

IpFilter ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269

KeywordFilter ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270

LoadBalancerState .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271

Malware .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272

MapFilter ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273

Member .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274

Network .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277

Note .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278

NoteUpdate .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279

API Version 2018-10-26xii

Page 13: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API Reference

NumberFilter ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280

ProcessDetails ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282

Product .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284

Recommendation .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285

RelatedFinding .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286

Remediation .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287

Resource .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289

ResourceDetails ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292

Result ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294

Severity ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295

SeverityUpdate .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296

SortCriterion .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298

Standard .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299

StandardsControl ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301

StandardsSubscription .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302

StandardsSubscriptionRequest ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303

StringFilter ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304

ThreatIntelIndicator ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306

WafAction .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307

API Version 2018-10-26xiii

Page 14: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API Reference

WafExcludedRule .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308

WafOverrideAction .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309

Workflow ..... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310

WorkflowUpdate .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311

Common Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312Common Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314

API Version 2018-10-26xiv

Page 15: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API Reference

WelcomeSecurity Hub provides you with a comprehensive view of the security state of your AWS environmentand resources. It also provides you with the readiness status of your environment based on controlsfrom supported security standards. Security Hub collects security data from AWS accounts, services, andintegrated third-party products and helps you analyze security trends in your environment to identifythe highest priority security issues. For more information about Security Hub, see the AWS Security HubUser Guide .

When you use operations in the Security Hub API, the requests are executed only in the AWS Region thatis currently active or in the specific AWS Region that you specify in your request. Any configuration orsettings change that results from the operation is applied only to that Region. To make the same changein other Regions, execute the same command for each Region to apply the change to.

For example, if your Region is set to us-west-2, when you use CreateMembers (p. 40) to adda member account to Security Hub, the association of the member account with the master account iscreated only in the us-west-2 Region. Security Hub must be enabled for the member account in thesame Region that the invitation was sent from.

The following throttling limits apply to using Security Hub API operations.

• GetFindings (p. 82) - RateLimit of 3 requests per second. BurstLimit of 6 requests persecond.

• UpdateFindings (p. 139) - RateLimit of 1 request per second. BurstLimit of 5 requests persecond.

• All other operations - RateLimit of 10 requests per second. BurstLimit of 30 requests per second.

This document was last published on April 17, 2020.

API Version 2018-10-261

Page 16: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API Reference

ActionsThe following actions are supported:

• AcceptInvitation (p. 4)• BatchDisableStandards (p. 6)• BatchEnableStandards (p. 8)• BatchImportFindings (p. 11)• BatchUpdateFindings (p. 21)• CreateActionTarget (p. 26)• CreateInsight (p. 29)• CreateMembers (p. 40)• DeclineInvitations (p. 43)• DeleteActionTarget (p. 45)• DeleteInsight (p. 47)• DeleteInvitations (p. 49)• DeleteMembers (p. 51)• DescribeActionTargets (p. 53)• DescribeHub (p. 56)• DescribeProducts (p. 58)• DescribeStandards (p. 61)• DescribeStandardsControls (p. 63)• DisableImportFindingsForProduct (p. 66)• DisableSecurityHub (p. 68)• DisassociateFromMasterAccount (p. 70)• DisassociateMembers (p. 72)• EnableImportFindingsForProduct (p. 74)• EnableSecurityHub (p. 76)• GetEnabledStandards (p. 79)• GetFindings (p. 82)• GetInsightResults (p. 101)• GetInsights (p. 103)• GetInvitationsCount (p. 114)• GetMasterAccount (p. 116)• GetMembers (p. 118)• InviteMembers (p. 121)• ListEnabledProductsForImport (p. 124)• ListInvitations (p. 126)• ListMembers (p. 128)• ListTagsForResource (p. 131)• TagResource (p. 133)• UntagResource (p. 135)• UpdateActionTarget (p. 137)• UpdateFindings (p. 139)

API Version 2018-10-262

Page 17: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API Reference

• UpdateInsight (p. 150)• UpdateStandardsControl (p. 161)

API Version 2018-10-263

Page 18: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAcceptInvitation

AcceptInvitationAccepts the invitation to be a member account and be monitored by the Security Hub master accountthat the invitation was sent from.

When the member account accepts the invitation, permission is granted to the master account to viewfindings generated in the member account.

Request SyntaxPOST /master HTTP/1.1Content-type: application/json

{ "InvitationId": "string", "MasterId": "string"}

URI Request ParametersThe request does not use any URI parameters.

Request BodyThe request accepts the following data in JSON format.

InvitationId (p. 4)

The ID of the invitation sent from the Security Hub master account.

Type: String

Pattern: .*\S.*

Required: YesMasterId (p. 4)

The account ID of the Security Hub master account that sent the invitation.

Type: String

Pattern: .*\S.*

Required: Yes

Response SyntaxHTTP/1.1 200

Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

API Version 2018-10-264

Page 19: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceErrors

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429ResourceNotFoundException

The request was rejected because we can't find the specified resource.

HTTP Status Code: 404

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-265

Page 20: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceBatchDisableStandards

BatchDisableStandardsDisables the standards specified by the provided StandardsSubscriptionArns.

For more information, see Security Standards section of the AWS Security Hub User Guide.

Request SyntaxPOST /standards/deregister HTTP/1.1Content-type: application/json

{ "StandardsSubscriptionArns": [ "string" ]}

URI Request ParametersThe request does not use any URI parameters.

Request BodyThe request accepts the following data in JSON format.

StandardsSubscriptionArns (p. 6)

The ARNs of the standards subscriptions to disable.

Type: Array of strings

Array Members: Minimum number of 1 item. Maximum number of 25 items.

Pattern: .*\S.*

Required: Yes

Response SyntaxHTTP/1.1 200Content-type: application/json

{ "StandardsSubscriptions": [ { "StandardsArn": "string", "StandardsInput": { "string" : "string" }, "StandardsStatus": "string", "StandardsSubscriptionArn": "string" } ]}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

API Version 2018-10-266

Page 21: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceErrors

The following data is returned in JSON format by the service.

StandardsSubscriptions (p. 6)

The details of the standards subscriptions that were disabled.

Type: Array of StandardsSubscription (p. 302) objects

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-267

Page 22: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceBatchEnableStandards

BatchEnableStandardsEnables the standards specified by the provided StandardsArn. To obtain the ARN for a standard, usethe DescribeStandards (p. 61) operation.

For more information, see the Security Standards section of the AWS Security Hub User Guide.

Request SyntaxPOST /standards/register HTTP/1.1Content-type: application/json

{ "StandardsSubscriptionRequests": [ { "StandardsArn": "string", "StandardsInput": { "string" : "string" } } ]}

URI Request ParametersThe request does not use any URI parameters.

Request BodyThe request accepts the following data in JSON format.

StandardsSubscriptionRequests (p. 8)

The list of standards checks to enable.

Type: Array of StandardsSubscriptionRequest (p. 303) objects

Array Members: Minimum number of 1 item. Maximum number of 25 items.

Required: Yes

Response SyntaxHTTP/1.1 200Content-type: application/json

{ "StandardsSubscriptions": [ { "StandardsArn": "string", "StandardsInput": { "string" : "string" }, "StandardsStatus": "string", "StandardsSubscriptionArn": "string" }

API Version 2018-10-268

Page 23: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Elements

]}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

StandardsSubscriptions (p. 8)

The details of the standards subscriptions that were enabled.

Type: Array of StandardsSubscription (p. 302) objects

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3

API Version 2018-10-269

Page 24: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-2610

Page 25: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceBatchImportFindings

BatchImportFindingsImports security findings generated from an integrated third-party product into Security Hub. Thisaction is requested by the integrated product to import its findings into Security Hub.

The maximum allowed size for a finding is 240 Kb. An error is returned for any finding larger than 240Kb.

After a finding is created, BatchImportFindings cannot be used to update the following finding fieldsand objects, which Security Hub customers use to manage their investigation workflow.

• Confidence

• Criticality

• Note

• RelatedFindings

• Severity

• Types

• UserDefinedFields

• VerificationState

• Workflow

Request SyntaxPOST /findings/import HTTP/1.1Content-type: application/json

{ "Findings": [ { "AwsAccountId": "string", "Compliance": { "RelatedRequirements": [ "string" ], "Status": "string" }, "Confidence": number, "CreatedAt": "string", "Criticality": number, "Description": "string", "FirstObservedAt": "string", "GeneratorId": "string", "Id": "string", "LastObservedAt": "string", "Malware": [ { "Name": "string", "Path": "string", "State": "string", "Type": "string" } ], "Network": { "DestinationDomain": "string", "DestinationIpV4": "string", "DestinationIpV6": "string", "DestinationPort": number, "Direction": "string", "Protocol": "string", "SourceDomain": "string",

API Version 2018-10-2611

Page 26: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

"SourceIpV4": "string", "SourceIpV6": "string", "SourceMac": "string", "SourcePort": number }, "Note": { "Text": "string", "UpdatedAt": "string", "UpdatedBy": "string" }, "Process": { "LaunchedAt": "string", "Name": "string", "ParentPid": number, "Path": "string", "Pid": number, "TerminatedAt": "string" }, "ProductArn": "string", "ProductFields": { "string" : "string" }, "RecordState": "string", "RelatedFindings": [ { "Id": "string", "ProductArn": "string" } ], "Remediation": { "Recommendation": { "Text": "string", "Url": "string" } }, "Resources": [ { "Details": { "AwsCloudFrontDistribution": { "DomainName": "string", "ETag": "string", "LastModifiedTime": "string", "Logging": { "Bucket": "string", "Enabled": boolean, "IncludeCookies": boolean, "Prefix": "string" }, "Origins": { "Items": [ { "DomainName": "string", "Id": "string", "OriginPath": "string" } ] }, "Status": "string", "WebAclId": "string" }, "AwsCodeBuildProject": { "EncryptionKey": "string", "Environment": { "Certificate": "string", "ImagePullCredentialsType": "string", "RegistryCredential": {

API Version 2018-10-2612

Page 27: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

"Credential": "string", "CredentialProvider": "string" }, "Type": "string" }, "Name": "string", "ServiceRole": "string", "Source": { "GitCloneDepth": number, "InsecureSsl": boolean, "Location": "string", "Type": "string" }, "VpcConfig": { "SecurityGroupIds": [ "string" ], "Subnets": [ "string" ], "VpcId": "string" } }, "AwsEc2Instance": { "IamInstanceProfileArn": "string", "ImageId": "string", "IpV4Addresses": [ "string" ], "IpV6Addresses": [ "string" ], "KeyName": "string", "LaunchedAt": "string", "SubnetId": "string", "Type": "string", "VpcId": "string" }, "AwsEc2NetworkInterface": { "Attachment": { "AttachmentId": "string", "AttachTime": "string", "DeleteOnTermination": boolean, "DeviceIndex": number, "InstanceId": "string", "InstanceOwnerId": "string", "Status": "string" }, "NetworkInterfaceId": "string", "SecurityGroups": [ { "GroupId": "string", "GroupName": "string" } ], "SourceDestCheck": boolean }, "AwsEc2SecurityGroup": { "GroupId": "string", "GroupName": "string", "IpPermissions": [ { "FromPort": number, "IpProtocol": "string", "IpRanges": [ { "CidrIp": "string" } ], "Ipv6Ranges": [ { "CidrIpv6": "string" } ],

API Version 2018-10-2613

Page 28: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

"PrefixListIds": [ { "PrefixListId": "string" } ], "ToPort": number, "UserIdGroupPairs": [ { "GroupId": "string", "GroupName": "string", "PeeringStatus": "string", "UserId": "string", "VpcId": "string", "VpcPeeringConnectionId": "string" } ] } ], "IpPermissionsEgress": [ { "FromPort": number, "IpProtocol": "string", "IpRanges": [ { "CidrIp": "string" } ], "Ipv6Ranges": [ { "CidrIpv6": "string" } ], "PrefixListIds": [ { "PrefixListId": "string" } ], "ToPort": number, "UserIdGroupPairs": [ { "GroupId": "string", "GroupName": "string", "PeeringStatus": "string", "UserId": "string", "VpcId": "string", "VpcPeeringConnectionId": "string" } ] } ], "OwnerId": "string", "VpcId": "string" }, "AwsElasticsearchDomain": { "AccessPolicies": "string", "DomainEndpointOptions": { "EnforceHTTPS": boolean, "TLSSecurityPolicy": "string" }, "DomainId": "string", "DomainName": "string", "ElasticsearchVersion": "string", "EncryptionAtRestOptions": { "Enabled": boolean, "KmsKeyId": "string" },

API Version 2018-10-2614

Page 29: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

"Endpoint": "string", "Endpoints": { "string" : "string" }, "NodeToNodeEncryptionOptions": { "Enabled": boolean }, "VPCOptions": { "AvailabilityZones": [ "string" ], "SecurityGroupIds": [ "string" ], "SubnetIds": [ "string" ], "VPCId": "string" } }, "AwsElbv2LoadBalancer": { "AvailabilityZones": [ { "SubnetId": "string", "ZoneName": "string" } ], "CanonicalHostedZoneId": "string", "CreatedTime": "string", "DNSName": "string", "IpAddressType": "string", "Scheme": "string", "SecurityGroups": [ "string" ], "State": { "Code": "string", "Reason": "string" }, "Type": "string", "VpcId": "string" }, "AwsIamAccessKey": { "CreatedAt": "string", "PrincipalId": "string", "PrincipalName": "string", "PrincipalType": "string", "Status": "string", "UserName": "string" }, "AwsIamRole": { "AssumeRolePolicyDocument": "string", "CreateDate": "string", "MaxSessionDuration": number, "Path": "string", "RoleId": "string", "RoleName": "string" }, "AwsKmsKey": { "AWSAccountId": "string", "CreationDate": number, "KeyId": "string", "KeyManager": "string", "KeyState": "string", "Origin": "string" }, "AwsLambdaFunction": { "Code": { "S3Bucket": "string", "S3Key": "string", "S3ObjectVersion": "string", "ZipFile": "string" }, "CodeSha256": "string",

API Version 2018-10-2615

Page 30: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

"DeadLetterConfig": { "TargetArn": "string" }, "Environment": { "Error": { "ErrorCode": "string", "Message": "string" }, "Variables": { "string" : "string" } }, "FunctionName": "string", "Handler": "string", "KmsKeyArn": "string", "LastModified": "string", "Layers": [ { "Arn": "string", "CodeSize": number } ], "MasterArn": "string", "MemorySize": number, "RevisionId": "string", "Role": "string", "Runtime": "string", "Timeout": number, "TracingConfig": { "Mode": "string" }, "Version": "string", "VpcConfig": { "SecurityGroupIds": [ "string" ], "SubnetIds": [ "string" ], "VpcId": "string" } }, "AwsLambdaLayerVersion": { "CompatibleRuntimes": [ "string" ], "CreatedDate": "string", "Version": number }, "AwsRdsDbInstance": { "AssociatedRoles": [ { "FeatureName": "string", "RoleArn": "string", "Status": "string" } ], "CACertificateIdentifier": "string", "DBClusterIdentifier": "string", "DBInstanceClass": "string", "DBInstanceIdentifier": "string", "DbInstancePort": number, "DbiResourceId": "string", "DBName": "string", "DeletionProtection": boolean, "Endpoint": { "Address": "string", "HostedZoneId": "string", "Port": number }, "Engine": "string", "EngineVersion": "string",

API Version 2018-10-2616

Page 31: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

"IAMDatabaseAuthenticationEnabled": boolean, "InstanceCreateTime": "string", "KmsKeyId": "string", "PubliclyAccessible": boolean, "StorageEncrypted": boolean, "TdeCredentialArn": "string", "VpcSecurityGroups": [ { "Status": "string", "VpcSecurityGroupId": "string" } ] }, "AwsS3Bucket": { "CreatedAt": "string", "OwnerId": "string", "OwnerName": "string", "ServerSideEncryptionConfiguration": { "Rules": [ { "ApplyServerSideEncryptionByDefault": { "KMSMasterKeyID": "string", "SSEAlgorithm": "string" } } ] } }, "AwsS3Object": { "ContentType": "string", "ETag": "string", "LastModified": "string", "ServerSideEncryption": "string", "SSEKMSKeyId": "string", "VersionId": "string" }, "AwsSnsTopic": { "KmsMasterKeyId": "string", "Owner": "string", "Subscription": [ { "Endpoint": "string", "Protocol": "string" } ], "TopicName": "string" }, "AwsSqsQueue": { "DeadLetterTargetArn": "string", "KmsDataKeyReusePeriodSeconds": number, "KmsMasterKeyId": "string", "QueueName": "string" }, "AwsWafWebAcl": { "DefaultAction": "string", "Name": "string", "Rules": [ { "Action": { "Type": "string" }, "ExcludedRules": [ { "RuleId": "string" } ],

API Version 2018-10-2617

Page 32: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceURI Request Parameters

"OverrideAction": { "Type": "string" }, "Priority": number, "RuleId": "string", "Type": "string" } ], "WebAclId": "string" }, "Container": { "ImageId": "string", "ImageName": "string", "LaunchedAt": "string", "Name": "string" }, "Other": { "string" : "string" } }, "Id": "string", "Partition": "string", "Region": "string", "Tags": { "string" : "string" }, "Type": "string" } ], "SchemaVersion": "string", "Severity": { "Label": "string", "Normalized": number, "Product": number }, "SourceUrl": "string", "ThreatIntelIndicators": [ { "Category": "string", "LastObservedAt": "string", "Source": "string", "SourceUrl": "string", "Type": "string", "Value": "string" } ], "Title": "string", "Types": [ "string" ], "UpdatedAt": "string", "UserDefinedFields": { "string" : "string" }, "VerificationState": "string", "Workflow": { "Status": "string" }, "WorkflowState": "string" } ]}

URI Request ParametersThe request does not use any URI parameters.

API Version 2018-10-2618

Page 33: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Body

Request BodyThe request accepts the following data in JSON format.

Findings (p. 11)

A list of findings to import. To successfully import a finding, it must follow the AWS Security FindingFormat. Maximum of 100 findings per request.

Type: Array of AwsSecurityFinding (p. 235) objects

Required: Yes

Response SyntaxHTTP/1.1 200Content-type: application/json

{ "FailedCount": number, "FailedFindings": [ { "ErrorCode": "string", "ErrorMessage": "string", "Id": "string" } ], "SuccessCount": number}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

FailedCount (p. 19)

The number of findings that failed to import.

Type: IntegerFailedFindings (p. 19)

The list of findings that failed to import.

Type: Array of ImportFindingsError (p. 264) objectsSuccessCount (p. 19)

The number of findings that were successfully imported.

Type: Integer

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

API Version 2018-10-2619

Page 34: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-2620

Page 35: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceBatchUpdateFindings

BatchUpdateFindingsUsed by Security Hub customers to update information about their investigation into a finding.Requested by master accounts or member accounts. Master accounts can update findings for theiraccount and their member accounts. Member accounts can update findings for their account.

Updates from BatchUpdateFindings do not affect the value of UpdatedAt for a finding.

Master accounts can use BatchUpdateFindings to update the following finding fields and objects.

• Confidence

• Criticality

• Note

• RelatedFindings

• Severity

• Types

• UserDefinedFields

• VerificationState

• Workflow

Member accounts can only use BatchUpdateFindings to update the Note object.

Request SyntaxPATCH /findings/batchupdate HTTP/1.1Content-type: application/json

{ "Confidence": number, "Criticality": number, "FindingIdentifiers": [ { "Id": "string", "ProductArn": "string" } ], "Note": { "Text": "string", "UpdatedBy": "string" }, "RelatedFindings": [ { "Id": "string", "ProductArn": "string" } ], "Severity": { "Label": "string", "Normalized": number, "Product": number }, "Types": [ "string" ], "UserDefinedFields": { "string" : "string" }, "VerificationState": "string", "Workflow": {

API Version 2018-10-2621

Page 36: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceURI Request Parameters

"Status": "string" }}

URI Request ParametersThe request does not use any URI parameters.

Request BodyThe request accepts the following data in JSON format.

Confidence (p. 21)

The updated value for the finding confidence. Confidence is defined as the likelihood that a findingaccurately identifies the behavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidenceand 100 means 100 percent confidence.

Type: Integer

Valid Range: Minimum value of 0. Maximum value of 100.

Required: NoCriticality (p. 21)

The updated value for the level of importance assigned to the resources associated with thefindings.

A score of 0 means that the underlying resources have no criticality, and a score of 100 is reservedfor the most critical resources.

Type: Integer

Valid Range: Minimum value of 0. Maximum value of 100.

Required: NoFindingIdentifiers (p. 21)

The list of findings to update. BatchUpdateFindings can be used to update up to 100 findings ata time.

For each finding, the list provides the finding identifier and the ARN of the finding provider.

Type: Array of AwsSecurityFindingIdentifier (p. 252) objects

Required: YesNote (p. 21)

The updated note.

Type: NoteUpdate (p. 279) object

Required: NoRelatedFindings (p. 21)

A list of findings that are related to the updated findings.

Type: Array of RelatedFinding (p. 286) objects

API Version 2018-10-2622

Page 37: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Body

Required: NoSeverity (p. 21)

Used to update the finding severity.

Type: SeverityUpdate (p. 296) object

Required: NoTypes (p. 21)

One or more finding types in the format of namespace/category/classifier that classify a finding.

Valid namespace values are as follows.• Software and Configuration Checks• TTPs• Effects• Unusual Behaviors• Sensitive Data Identifications

Type: Array of strings

Pattern: .*\S.*

Required: NoUserDefinedFields (p. 21)

A list of name/value string pairs associated with the finding. These are custom, user-defined fieldsadded to a finding.

Type: String to string map

Key Pattern: .*\S.*

Value Pattern: .*\S.*

Required: NoVerificationState (p. 21)

Indicates the veracity of a finding.

The available values for VerificationState are as follows.• UNKNOWN – The default disposition of a security finding• TRUE_POSITIVE – The security finding is confirmed• FALSE_POSITIVE – The security finding was determined to be a false alarm• BENIGN_POSITIVE – A special case of TRUE_POSITIVE where the finding doesn't pose any

threat, is expected, or both

Type: String

Valid Values: UNKNOWN | TRUE_POSITIVE | FALSE_POSITIVE | BENIGN_POSITIVE

Required: NoWorkflow (p. 21)

Used to update the workflow status of a finding.

The workflow status indicates the progress of the investigation into the finding.

API Version 2018-10-2623

Page 38: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Syntax

Type: WorkflowUpdate (p. 311) object

Required: No

Response SyntaxHTTP/1.1 200Content-type: application/json

{ "ProcessedFindings": [ { "Id": "string", "ProductArn": "string" } ], "UnprocessedFindings": [ { "ErrorCode": "string", "ErrorMessage": "string", "FindingIdentifier": { "Id": "string", "ProductArn": "string" } } ]}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

ProcessedFindings (p. 24)

The list of findings that were updated successfully.

Type: Array of AwsSecurityFindingIdentifier (p. 252) objectsUnprocessedFindings (p. 24)

The list of findings that were not updated.

Type: Array of BatchUpdateFindingsUnprocessedFinding (p. 259) objects

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

API Version 2018-10-2624

Page 39: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-2625

Page 40: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceCreateActionTarget

CreateActionTargetCreates a custom action target in Security Hub.

You can use custom actions on findings and insights in Security Hub to trigger target actions in AmazonCloudWatch Events.

Request SyntaxPOST /actionTargets HTTP/1.1Content-type: application/json

{ "Description": "string", "Id": "string", "Name": "string"}

URI Request ParametersThe request does not use any URI parameters.

Request BodyThe request accepts the following data in JSON format.

Description (p. 26)

The description for the custom action target.

Type: String

Pattern: .*\S.*

Required: YesId (p. 26)

The ID for the custom action target.

Type: String

Pattern: .*\S.*

Required: YesName (p. 26)

The name of the custom action target.

Type: String

Pattern: .*\S.*

Required: Yes

Response SyntaxHTTP/1.1 200

API Version 2018-10-2626

Page 41: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Elements

Content-type: application/json

{ "ActionTargetArn": "string"}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

ActionTargetArn (p. 26)

The ARN for the custom action target.

Type: String

Pattern: .*\S.*

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429ResourceConflictException

The resource specified in the request conflicts with an existing resource.

HTTP Status Code: 409

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

API Version 2018-10-2627

Page 43: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceCreateInsight

CreateInsightCreates a custom insight in Security Hub. An insight is a consolidation of findings that relate to a securityissue that requires attention or remediation.

To group the related findings in the insight, use the GroupByAttribute.

Request SyntaxPOST /insights HTTP/1.1Content-type: application/json

{ "Filters": { "AwsAccountId": [ { "Comparison": "string", "Value": "string" } ], "CompanyName": [ { "Comparison": "string", "Value": "string" } ], "ComplianceStatus": [ { "Comparison": "string", "Value": "string" } ], "Confidence": [ { "Eq": number, "Gte": number, "Lte": number } ], "CreatedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "Criticality": [ { "Eq": number, "Gte": number, "Lte": number } ], "Description": [ { "Comparison": "string", "Value": "string" } ],

API Version 2018-10-2629

Page 44: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

"FirstObservedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "GeneratorId": [ { "Comparison": "string", "Value": "string" } ], "Id": [ { "Comparison": "string", "Value": "string" } ], "Keyword": [ { "Value": "string" } ], "LastObservedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "MalwareName": [ { "Comparison": "string", "Value": "string" } ], "MalwarePath": [ { "Comparison": "string", "Value": "string" } ], "MalwareState": [ { "Comparison": "string", "Value": "string" } ], "MalwareType": [ { "Comparison": "string", "Value": "string" } ], "NetworkDestinationDomain": [ { "Comparison": "string", "Value": "string" }

API Version 2018-10-2630

Page 45: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

], "NetworkDestinationIpV4": [ { "Cidr": "string" } ], "NetworkDestinationIpV6": [ { "Cidr": "string" } ], "NetworkDestinationPort": [ { "Eq": number, "Gte": number, "Lte": number } ], "NetworkDirection": [ { "Comparison": "string", "Value": "string" } ], "NetworkProtocol": [ { "Comparison": "string", "Value": "string" } ], "NetworkSourceDomain": [ { "Comparison": "string", "Value": "string" } ], "NetworkSourceIpV4": [ { "Cidr": "string" } ], "NetworkSourceIpV6": [ { "Cidr": "string" } ], "NetworkSourceMac": [ { "Comparison": "string", "Value": "string" } ], "NetworkSourcePort": [ { "Eq": number, "Gte": number, "Lte": number } ], "NoteText": [ { "Comparison": "string", "Value": "string" } ], "NoteUpdatedAt": [

API Version 2018-10-2631

Page 46: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

{ "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "NoteUpdatedBy": [ { "Comparison": "string", "Value": "string" } ], "ProcessLaunchedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ProcessName": [ { "Comparison": "string", "Value": "string" } ], "ProcessParentPid": [ { "Eq": number, "Gte": number, "Lte": number } ], "ProcessPath": [ { "Comparison": "string", "Value": "string" } ], "ProcessPid": [ { "Eq": number, "Gte": number, "Lte": number } ], "ProcessTerminatedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ProductArn": [ { "Comparison": "string", "Value": "string" }

API Version 2018-10-2632

Page 47: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

], "ProductFields": [ { "Comparison": "string", "Key": "string", "Value": "string" } ], "ProductName": [ { "Comparison": "string", "Value": "string" } ], "RecommendationText": [ { "Comparison": "string", "Value": "string" } ], "RecordState": [ { "Comparison": "string", "Value": "string" } ], "RelatedFindingsId": [ { "Comparison": "string", "Value": "string" } ], "RelatedFindingsProductArn": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceIamInstanceProfileArn": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceImageId": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceIpV4Addresses": [ { "Cidr": "string" } ], "ResourceAwsEc2InstanceIpV6Addresses": [ { "Cidr": "string" } ], "ResourceAwsEc2InstanceKeyName": [ { "Comparison": "string", "Value": "string" } ],

API Version 2018-10-2633

Page 48: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

"ResourceAwsEc2InstanceLaunchedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ResourceAwsEc2InstanceSubnetId": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceType": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceVpcId": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsIamAccessKeyCreatedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ResourceAwsIamAccessKeyStatus": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsIamAccessKeyUserName": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsS3BucketOwnerId": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsS3BucketOwnerName": [ { "Comparison": "string", "Value": "string" } ], "ResourceContainerImageId": [ { "Comparison": "string", "Value": "string"

API Version 2018-10-2634

Page 49: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

} ], "ResourceContainerImageName": [ { "Comparison": "string", "Value": "string" } ], "ResourceContainerLaunchedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ResourceContainerName": [ { "Comparison": "string", "Value": "string" } ], "ResourceDetailsOther": [ { "Comparison": "string", "Key": "string", "Value": "string" } ], "ResourceId": [ { "Comparison": "string", "Value": "string" } ], "ResourcePartition": [ { "Comparison": "string", "Value": "string" } ], "ResourceRegion": [ { "Comparison": "string", "Value": "string" } ], "ResourceTags": [ { "Comparison": "string", "Key": "string", "Value": "string" } ], "ResourceType": [ { "Comparison": "string", "Value": "string" } ], "SeverityLabel": [ { "Comparison": "string", "Value": "string"

API Version 2018-10-2635

Page 50: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

} ], "SeverityNormalized": [ { "Eq": number, "Gte": number, "Lte": number } ], "SeverityProduct": [ { "Eq": number, "Gte": number, "Lte": number } ], "SourceUrl": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorCategory": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorLastObservedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ThreatIntelIndicatorSource": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorSourceUrl": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorType": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorValue": [ { "Comparison": "string", "Value": "string" } ], "Title": [ { "Comparison": "string", "Value": "string"

API Version 2018-10-2636

Page 51: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceURI Request Parameters

} ], "Type": [ { "Comparison": "string", "Value": "string" } ], "UpdatedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "UserDefinedFields": [ { "Comparison": "string", "Key": "string", "Value": "string" } ], "VerificationState": [ { "Comparison": "string", "Value": "string" } ], "WorkflowState": [ { "Comparison": "string", "Value": "string" } ], "WorkflowStatus": [ { "Comparison": "string", "Value": "string" } ] }, "GroupByAttribute": "string", "Name": "string"}

URI Request ParametersThe request does not use any URI parameters.

Request BodyThe request accepts the following data in JSON format.

Filters (p. 29)

One or more attributes used to filter the findings included in the insight. The insight only includesfindings that match the criteria defined in the filters.

Type: AwsSecurityFindingFilters (p. 241) object

API Version 2018-10-2637

Page 52: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Syntax

Required: YesGroupByAttribute (p. 29)

The attribute used to group the findings for the insight. The grouping attribute identifies the type ofitem that the insight applies to. For example, if an insight is grouped by resource identifier, then theinsight produces a list of resource identifiers.

Type: String

Pattern: .*\S.*

Required: YesName (p. 29)

The name of the custom insight to create.

Type: String

Pattern: .*\S.*

Required: Yes

Response SyntaxHTTP/1.1 200Content-type: application/json

{ "InsightArn": "string"}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

InsightArn (p. 38)

The ARN of the insight created.

Type: String

Pattern: .*\S.*

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

API Version 2018-10-2638

Page 53: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429ResourceConflictException

The resource specified in the request conflicts with an existing resource.

HTTP Status Code: 409

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-2639

Page 54: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceCreateMembers

CreateMembersCreates a member association in Security Hub between the specified accounts and the account usedto make the request, which is the master account. To successfully create a member, you must use thisaction from an account that already has Security Hub enabled. To enable Security Hub, you can use the EnableSecurityHub (p. 76) operation.

After you use CreateMembers to create member account associations in Security Hub, you must usethe InviteMembers (p. 121) operation to invite the accounts to enable Security Hub and becomemember accounts in Security Hub.

If the account owner accepts the invitation, the account becomes a member account in Security Hub,and a permission policy is added that permits the master account to view the findings generated in themember account. When Security Hub is enabled in the invited account, findings start to be sent to boththe member and master accounts.

To remove the association between the master and member accounts, use the DisassociateFromMasterAccount (p. 70) or DisassociateMembers (p. 72) operation.

Request SyntaxPOST /members HTTP/1.1Content-type: application/json

{ "AccountDetails": [ { "AccountId": "string", "Email": "string" } ]}

URI Request ParametersThe request does not use any URI parameters.

Request BodyThe request accepts the following data in JSON format.

AccountDetails (p. 40)

The list of accounts to associate with the Security Hub master account. For each account, the listincludes the account ID and the email address.

Type: Array of AccountDetails (p. 166) objects

Required: No

Response SyntaxHTTP/1.1 200Content-type: application/json

API Version 2018-10-2640

Page 55: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Elements

{ "UnprocessedAccounts": [ { "AccountId": "string", "ProcessingResult": "string" } ]}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

UnprocessedAccounts (p. 40)

The list of AWS accounts that were not processed. For each account, the list includes the account IDand the email address.

Type: Array of Result (p. 294) objects

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429ResourceConflictException

The resource specified in the request conflicts with an existing resource.

HTTP Status Code: 409

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

API Version 2018-10-2641

Page 57: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceDeclineInvitations

DeclineInvitationsDeclines invitations to become a member account.

Request SyntaxPOST /invitations/decline HTTP/1.1Content-type: application/json

{ "AccountIds": [ "string" ]}

URI Request ParametersThe request does not use any URI parameters.

Request BodyThe request accepts the following data in JSON format.

AccountIds (p. 43)

The list of account IDs for the accounts from which to decline the invitations to Security Hub.

Type: Array of strings

Pattern: .*\S.*

Required: Yes

Response SyntaxHTTP/1.1 200Content-type: application/json

{ "UnprocessedAccounts": [ { "AccountId": "string", "ProcessingResult": "string" } ]}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

UnprocessedAccounts (p. 43)

The list of AWS accounts that were not processed. For each account, the list includes the account IDand the email address.

API Version 2018-10-2643

Page 58: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceErrors

Type: Array of Result (p. 294) objects

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400ResourceNotFoundException

The request was rejected because we can't find the specified resource.

HTTP Status Code: 404

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-2644

Page 59: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceDeleteActionTarget

DeleteActionTargetDeletes a custom action target from Security Hub.

Deleting a custom action target does not affect any findings or insights that were already sent toAmazon CloudWatch Events using the custom action.

Request SyntaxDELETE /actionTargets/ActionTargetArn+ HTTP/1.1

URI Request ParametersThe request requires the following URI parameters.

ActionTargetArn (p. 45)

The ARN of the custom action target to delete.

Pattern: .*\S.*

Request BodyThe request does not have a request body.

Response SyntaxHTTP/1.1 200Content-type: application/json

{ "ActionTargetArn": "string"}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

ActionTargetArn (p. 45)

The ARN of the custom action target that was deleted.

Type: String

Pattern: .*\S.*

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

API Version 2018-10-2645

Page 60: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400ResourceNotFoundException

The request was rejected because we can't find the specified resource.

HTTP Status Code: 404

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-2646

Page 61: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceDeleteInsight

DeleteInsightDeletes the insight specified by the InsightArn.

Request SyntaxDELETE /insights/InsightArn+ HTTP/1.1

URI Request ParametersThe request requires the following URI parameters.

InsightArn (p. 47)

The ARN of the insight to delete.

Pattern: .*\S.*

Request BodyThe request does not have a request body.

Response SyntaxHTTP/1.1 200Content-type: application/json

{ "InsightArn": "string"}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

InsightArn (p. 47)

The ARN of the insight that was deleted.

Type: String

Pattern: .*\S.*

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

API Version 2018-10-2647

Page 62: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429ResourceNotFoundException

The request was rejected because we can't find the specified resource.

HTTP Status Code: 404

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-2648

Page 63: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceDeleteInvitations

DeleteInvitationsDeletes invitations received by the AWS account to become a member account.

Request SyntaxPOST /invitations/delete HTTP/1.1Content-type: application/json

{ "AccountIds": [ "string" ]}

URI Request ParametersThe request does not use any URI parameters.

Request BodyThe request accepts the following data in JSON format.

AccountIds (p. 49)

The list of the account IDs that sent the invitations to delete.

Type: Array of strings

Pattern: .*\S.*

Required: Yes

Response SyntaxHTTP/1.1 200Content-type: application/json

{ "UnprocessedAccounts": [ { "AccountId": "string", "ProcessingResult": "string" } ]}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

UnprocessedAccounts (p. 49)

The list of AWS accounts for which the invitations were not deleted. For each account, the listincludes the account ID and the email address.

API Version 2018-10-2649

Page 64: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceErrors

Type: Array of Result (p. 294) objects

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429ResourceNotFoundException

The request was rejected because we can't find the specified resource.

HTTP Status Code: 404

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-2650

Page 65: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceDeleteMembers

DeleteMembersDeletes the specified member accounts from Security Hub.

Request SyntaxPOST /members/delete HTTP/1.1Content-type: application/json

{ "AccountIds": [ "string" ]}

URI Request ParametersThe request does not use any URI parameters.

Request BodyThe request accepts the following data in JSON format.

AccountIds (p. 51)

The list of account IDs for the member accounts to delete.

Type: Array of strings

Pattern: .*\S.*

Required: No

Response SyntaxHTTP/1.1 200Content-type: application/json

{ "UnprocessedAccounts": [ { "AccountId": "string", "ProcessingResult": "string" } ]}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

UnprocessedAccounts (p. 51)

The list of AWS accounts that were not deleted. For each account, the list includes the account IDand the email address.

API Version 2018-10-2651

Page 66: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceErrors

Type: Array of Result (p. 294) objects

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429ResourceNotFoundException

The request was rejected because we can't find the specified resource.

HTTP Status Code: 404

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-2652

Page 67: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceDescribeActionTargets

DescribeActionTargetsReturns a list of the custom action targets in Security Hub in your account.

Request SyntaxPOST /actionTargets/get HTTP/1.1Content-type: application/json

{ "ActionTargetArns": [ "string" ], "MaxResults": number, "NextToken": "string"}

URI Request ParametersThe request does not use any URI parameters.

Request BodyThe request accepts the following data in JSON format.

ActionTargetArns (p. 53)

A list of custom action target ARNs for the custom action targets to retrieve.

Type: Array of strings

Pattern: .*\S.*

Required: NoMaxResults (p. 53)

The maximum number of results to return.

Type: Integer

Valid Range: Minimum value of 1. Maximum value of 100.

Required: NoNextToken (p. 53)

The token that is required for pagination. On your first call to the DescribeActionTargetsoperation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to thevalue returned from the previous response.

Type: String

Required: No

Response SyntaxHTTP/1.1 200

API Version 2018-10-2653

Page 68: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Elements

Content-type: application/json

{ "ActionTargets": [ { "ActionTargetArn": "string", "Description": "string", "Name": "string" } ], "NextToken": "string"}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

ActionTargets (p. 53)

A list of ActionTarget objects. Each object includes the ActionTargetArn, Description, andName of a custom action target available in Security Hub.

Type: Array of ActionTarget (p. 167) objects

NextToken (p. 53)

The pagination token to use to request the next page of results.

Type: String

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500

InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401

InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400

ResourceNotFoundException

The request was rejected because we can't find the specified resource.

HTTP Status Code: 404

API Version 2018-10-2654

Page 70: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceDescribeHub

DescribeHubReturns details about the Hub resource in your account, including the HubArn and the time when youenabled Security Hub.

Request SyntaxGET /accounts?HubArn=HubArn HTTP/1.1

URI Request ParametersThe request requires the following URI parameters.

HubArn (p. 56)

The ARN of the Hub resource to retrieve.

Pattern: .*\S.*

Request BodyThe request does not have a request body.

Response SyntaxHTTP/1.1 200Content-type: application/json

{ "HubArn": "string", "SubscribedAt": "string"}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

HubArn (p. 56)

The ARN of the Hub resource that was retrieved.

Type: String

Pattern: .*\S.*SubscribedAt (p. 56)

The date and time when Security Hub was enabled in the account.

Type: String

Pattern: .*\S.*

API Version 2018-10-2656

Page 71: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceErrors

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429ResourceNotFoundException

The request was rejected because we can't find the specified resource.

HTTP Status Code: 404

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-2657

Page 72: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceDescribeProducts

DescribeProductsReturns information about the available products that you can subscribe to and integrate with SecurityHub in order to consolidate findings.

Request SyntaxGET /products?MaxResults=MaxResults&NextToken=NextToken HTTP/1.1

URI Request ParametersThe request requires the following URI parameters.

MaxResults (p. 58)

The maximum number of results to return.

Valid Range: Minimum value of 1. Maximum value of 100.NextToken (p. 58)

The token that is required for pagination. On your first call to the DescribeProducts operation,set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to thevalue returned from the previous response.

Request BodyThe request does not have a request body.

Response SyntaxHTTP/1.1 200Content-type: application/json

{ "NextToken": "string", "Products": [ { "ActivationUrl": "string", "Categories": [ "string" ], "CompanyName": "string", "Description": "string", "IntegrationTypes": [ "string" ], "MarketplaceUrl": "string", "ProductArn": "string", "ProductName": "string", "ProductSubscriptionResourcePolicy": "string" } ]}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

API Version 2018-10-2658

Page 73: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceErrors

The following data is returned in JSON format by the service.

NextToken (p. 58)

The pagination token to use to request the next page of results.

Type: StringProducts (p. 58)

A list of products, including details for each product.

Type: Array of Product (p. 283) objects

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-2659

Page 74: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

API Version 2018-10-2660

Page 75: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceDescribeStandards

DescribeStandardsReturns a list of the available standards in Security Hub.

For each standard, the results include the standard ARN, the name, and a description.

Request SyntaxGET /standards?MaxResults=MaxResults&NextToken=NextToken HTTP/1.1

URI Request ParametersThe request requires the following URI parameters.

MaxResults (p. 61)

The maximum number of standards to return.

Valid Range: Minimum value of 1. Maximum value of 100.NextToken (p. 61)

The token that is required for pagination. On your first call to the DescribeStandards operation,set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to thevalue returned from the previous response.

Request BodyThe request does not have a request body.

Response SyntaxHTTP/1.1 200Content-type: application/json

{ "NextToken": "string", "Standards": [ { "Description": "string", "EnabledByDefault": boolean, "Name": "string", "StandardsArn": "string" } ]}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

API Version 2018-10-2661

Page 76: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceErrors

NextToken (p. 61)

The pagination token to use to request the next page of results.

Type: StringStandards (p. 61)

A list of available standards.

Type: Array of Standard (p. 299) objects

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-2662

Page 77: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceDescribeStandardsControls

DescribeStandardsControlsReturns a list of security standards controls.

For each control, the results include information about whether it is currently enabled, the severity, and alink to remediation information.

Request SyntaxGET /standards/controls/StandardsSubscriptionArn+?MaxResults=MaxResults&NextToken=NextToken HTTP/1.1

URI Request ParametersThe request requires the following URI parameters.

MaxResults (p. 63)

The maximum number of security standard controls to return.

Valid Range: Minimum value of 1. Maximum value of 100.NextToken (p. 63)

The token that is required for pagination. On your first call to the DescribeStandardsControlsoperation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to thevalue returned from the previous response.

StandardsSubscriptionArn (p. 63)

The ARN of a resource that represents your subscription to a supported standard.

Pattern: .*\S.*

Request BodyThe request does not have a request body.

Response SyntaxHTTP/1.1 200Content-type: application/json

{ "Controls": [ { "ControlId": "string", "ControlStatus": "string", "ControlStatusUpdatedAt": number, "Description": "string", "DisabledReason": "string", "RelatedRequirements": [ "string" ], "RemediationUrl": "string", "SeverityRating": "string",

API Version 2018-10-2663

Page 78: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Elements

"StandardsControlArn": "string", "Title": "string" } ], "NextToken": "string"}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Controls (p. 63)

A list of security standards controls.

Type: Array of StandardsControl (p. 300) objectsNextToken (p. 63)

The pagination token to use to request the next page of results.

Type: String

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400ResourceNotFoundException

The request was rejected because we can't find the specified resource.

HTTP Status Code: 404

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET

API Version 2018-10-2664

Page 80: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceDisableImportFindingsForProduct

DisableImportFindingsForProductDisables the integration of the specified product with Security Hub. After the integration is disabled,findings from that product are no longer sent to Security Hub.

Request SyntaxDELETE /productSubscriptions/ProductSubscriptionArn+ HTTP/1.1

URI Request ParametersThe request requires the following URI parameters.

ProductSubscriptionArn (p. 66)

The ARN of the integrated product to disable the integration for.

Pattern: .*\S.*

Request BodyThe request does not have a request body.

Response SyntaxHTTP/1.1 200

Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400

API Version 2018-10-2666

Page 81: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429ResourceNotFoundException

The request was rejected because we can't find the specified resource.

HTTP Status Code: 404

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-2667

Page 82: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceDisableSecurityHub

DisableSecurityHubDisables Security Hub in your account only in the current Region. To disable Security Hub in all Regions,you must submit one request per Region where you have enabled Security Hub.

When you disable Security Hub for a master account, it doesn't disable Security Hub for any associatedmember accounts.

When you disable Security Hub, your existing findings and insights and any Security Hub configurationsettings are deleted after 90 days and cannot be recovered. Any standards that were enabled aredisabled, and your master and member account associations are removed.

If you want to save your existing findings, you must export them before you disable Security Hub.

Request SyntaxDELETE /accounts HTTP/1.1

URI Request ParametersThe request does not use any URI parameters.

Request BodyThe request does not have a request body.

Response SyntaxHTTP/1.1 200

Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

API Version 2018-10-2668

Page 83: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

HTTP Status Code: 429ResourceNotFoundException

The request was rejected because we can't find the specified resource.

HTTP Status Code: 404

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-2669

Page 84: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceDisassociateFromMasterAccount

DisassociateFromMasterAccountDisassociates the current Security Hub member account from the associated master account.

Request SyntaxPOST /master/disassociate HTTP/1.1

URI Request ParametersThe request does not use any URI parameters.

Request BodyThe request does not have a request body.

Response SyntaxHTTP/1.1 200

Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500

InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401

InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400

LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429

API Version 2018-10-2670

Page 86: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceDisassociateMembers

DisassociateMembersDisassociates the specified member accounts from the associated master account.

Request SyntaxPOST /members/disassociate HTTP/1.1Content-type: application/json

{ "AccountIds": [ "string" ]}

URI Request ParametersThe request does not use any URI parameters.

Request BodyThe request accepts the following data in JSON format.

AccountIds (p. 72)

The account IDs of the member accounts to disassociate from the master account.

Type: Array of strings

Pattern: .*\S.*

Required: No

Response SyntaxHTTP/1.1 200

Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

API Version 2018-10-2672

Page 87: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429ResourceNotFoundException

The request was rejected because we can't find the specified resource.

HTTP Status Code: 404

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-2673

Page 88: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceEnableImportFindingsForProduct

EnableImportFindingsForProductEnables the integration of a partner product with Security Hub. Integrated products send findings toSecurity Hub.

When you enable a product integration, a permission policy that grants permission for the product tosend findings to Security Hub is applied.

Request SyntaxPOST /productSubscriptions HTTP/1.1Content-type: application/json

{ "ProductArn": "string"}

URI Request ParametersThe request does not use any URI parameters.

Request BodyThe request accepts the following data in JSON format.

ProductArn (p. 74)

The ARN of the product to enable the integration for.

Type: String

Pattern: .*\S.*

Required: Yes

Response SyntaxHTTP/1.1 200Content-type: application/json

{ "ProductSubscriptionArn": "string"}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

ProductSubscriptionArn (p. 74)

The ARN of your subscription to the product to enable integrations for.

API Version 2018-10-2674

Page 89: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceErrors

Type: String

Pattern: .*\S.*

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429ResourceConflictException

The resource specified in the request conflicts with an existing resource.

HTTP Status Code: 409

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-2675

Page 90: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceEnableSecurityHub

EnableSecurityHubEnables Security Hub for your account in the current Region or the Region you specify in the request.

When you enable Security Hub, you grant to Security Hub the permissions necessary to gather findingsfrom other services that are integrated with Security Hub.

When you use the EnableSecurityHub operation to enable Security Hub, you also automaticallyenable the CIS AWS Foundations standard. You do not enable the Payment Card Industry DataSecurity Standard (PCI DSS) standard. To not enable the CIS AWS Foundations standard, setEnableDefaultStandards to false.

After you enable Security Hub, to enable a standard, use the BatchEnableStandards (p. 8) operation. To disable a standard, use the BatchDisableStandards (p. 6) operation.

To learn more, see Setting Up AWS Security Hub in the AWS Security Hub User Guide.

Request SyntaxPOST /accounts HTTP/1.1Content-type: application/json

{ "EnableDefaultStandards": boolean, "Tags": { "string" : "string" }}

URI Request ParametersThe request does not use any URI parameters.

Request BodyThe request accepts the following data in JSON format.

EnableDefaultStandards (p. 76)

Whether to enable the security standards that Security Hub has designated as automaticallyenabled. If you do not provide a value for EnableDefaultStandards, it is set to true. To notenable the automatically enabled standards, set EnableDefaultStandards to false.

Type: Boolean

Required: NoTags (p. 76)

The tags to add to the Hub resource when you enable Security Hub.

Type: String to string map

Key Length Constraints: Minimum length of 1. Maximum length of 128.

Key Pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$

Value Length Constraints: Maximum length of 256.

API Version 2018-10-2676

Page 91: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Syntax

Required: No

Response SyntaxHTTP/1.1 200

Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

AccessDeniedException

You don't have permission to perform the action specified in the request.

HTTP Status Code: 403InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429ResourceConflictException

The resource specified in the request conflicts with an existing resource.

HTTP Status Code: 409

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3

API Version 2018-10-2677

Page 92: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-2678

Page 93: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceGetEnabledStandards

GetEnabledStandardsReturns a list of the standards that are currently enabled.

Request Syntax

POST /standards/get HTTP/1.1Content-type: application/json

{ "MaxResults": number, "NextToken": "string", "StandardsSubscriptionArns": [ "string" ]}

URI Request ParametersThe request does not use any URI parameters.

Request BodyThe request accepts the following data in JSON format.

MaxResults (p. 79)

The maximum number of results to return in the response.

Type: Integer

Valid Range: Minimum value of 1. Maximum value of 100.

Required: No

NextToken (p. 79)

The token that is required for pagination. On your first call to the GetEnabledStandardsoperation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to thevalue returned from the previous response.

Type: String

Required: No

StandardsSubscriptionArns (p. 79)

The list of the standards subscription ARNs for the standards to retrieve.

Type: Array of strings

Array Members: Minimum number of 1 item. Maximum number of 25 items.

Pattern: .*\S.*

Required: No

API Version 2018-10-2679

Page 94: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Syntax

Response SyntaxHTTP/1.1 200Content-type: application/json

{ "NextToken": "string", "StandardsSubscriptions": [ { "StandardsArn": "string", "StandardsInput": { "string" : "string" }, "StandardsStatus": "string", "StandardsSubscriptionArn": "string" } ]}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

NextToken (p. 80)

The pagination token to use to request the next page of results.

Type: StringStandardsSubscriptions (p. 80)

The list of StandardsSubscriptions objects that include information about the enabledstandards.

Type: Array of StandardsSubscription (p. 302) objects

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400

API Version 2018-10-2680

Page 95: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-2681

Page 96: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceGetFindings

GetFindingsReturns a list of findings that match the specified criteria.

Request SyntaxPOST /findings HTTP/1.1Content-type: application/json

{ "Filters": { "AwsAccountId": [ { "Comparison": "string", "Value": "string" } ], "CompanyName": [ { "Comparison": "string", "Value": "string" } ], "ComplianceStatus": [ { "Comparison": "string", "Value": "string" } ], "Confidence": [ { "Eq": number, "Gte": number, "Lte": number } ], "CreatedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "Criticality": [ { "Eq": number, "Gte": number, "Lte": number } ], "Description": [ { "Comparison": "string", "Value": "string" } ], "FirstObservedAt": [ { "DateRange": { "Unit": "string",

API Version 2018-10-2682

Page 97: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

"Value": number }, "End": "string", "Start": "string" } ], "GeneratorId": [ { "Comparison": "string", "Value": "string" } ], "Id": [ { "Comparison": "string", "Value": "string" } ], "Keyword": [ { "Value": "string" } ], "LastObservedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "MalwareName": [ { "Comparison": "string", "Value": "string" } ], "MalwarePath": [ { "Comparison": "string", "Value": "string" } ], "MalwareState": [ { "Comparison": "string", "Value": "string" } ], "MalwareType": [ { "Comparison": "string", "Value": "string" } ], "NetworkDestinationDomain": [ { "Comparison": "string", "Value": "string" } ], "NetworkDestinationIpV4": [ { "Cidr": "string"

API Version 2018-10-2683

Page 98: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

} ], "NetworkDestinationIpV6": [ { "Cidr": "string" } ], "NetworkDestinationPort": [ { "Eq": number, "Gte": number, "Lte": number } ], "NetworkDirection": [ { "Comparison": "string", "Value": "string" } ], "NetworkProtocol": [ { "Comparison": "string", "Value": "string" } ], "NetworkSourceDomain": [ { "Comparison": "string", "Value": "string" } ], "NetworkSourceIpV4": [ { "Cidr": "string" } ], "NetworkSourceIpV6": [ { "Cidr": "string" } ], "NetworkSourceMac": [ { "Comparison": "string", "Value": "string" } ], "NetworkSourcePort": [ { "Eq": number, "Gte": number, "Lte": number } ], "NoteText": [ { "Comparison": "string", "Value": "string" } ], "NoteUpdatedAt": [ { "DateRange": { "Unit": "string", "Value": number

API Version 2018-10-2684

Page 99: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

}, "End": "string", "Start": "string" } ], "NoteUpdatedBy": [ { "Comparison": "string", "Value": "string" } ], "ProcessLaunchedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ProcessName": [ { "Comparison": "string", "Value": "string" } ], "ProcessParentPid": [ { "Eq": number, "Gte": number, "Lte": number } ], "ProcessPath": [ { "Comparison": "string", "Value": "string" } ], "ProcessPid": [ { "Eq": number, "Gte": number, "Lte": number } ], "ProcessTerminatedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ProductArn": [ { "Comparison": "string", "Value": "string" } ], "ProductFields": [ { "Comparison": "string",

API Version 2018-10-2685

Page 100: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

"Key": "string", "Value": "string" } ], "ProductName": [ { "Comparison": "string", "Value": "string" } ], "RecommendationText": [ { "Comparison": "string", "Value": "string" } ], "RecordState": [ { "Comparison": "string", "Value": "string" } ], "RelatedFindingsId": [ { "Comparison": "string", "Value": "string" } ], "RelatedFindingsProductArn": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceIamInstanceProfileArn": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceImageId": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceIpV4Addresses": [ { "Cidr": "string" } ], "ResourceAwsEc2InstanceIpV6Addresses": [ { "Cidr": "string" } ], "ResourceAwsEc2InstanceKeyName": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceLaunchedAt": [ { "DateRange": { "Unit": "string",

API Version 2018-10-2686

Page 101: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

"Value": number }, "End": "string", "Start": "string" } ], "ResourceAwsEc2InstanceSubnetId": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceType": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceVpcId": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsIamAccessKeyCreatedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ResourceAwsIamAccessKeyStatus": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsIamAccessKeyUserName": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsS3BucketOwnerId": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsS3BucketOwnerName": [ { "Comparison": "string", "Value": "string" } ], "ResourceContainerImageId": [ { "Comparison": "string", "Value": "string" } ], "ResourceContainerImageName": [ {

API Version 2018-10-2687

Page 102: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

"Comparison": "string", "Value": "string" } ], "ResourceContainerLaunchedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ResourceContainerName": [ { "Comparison": "string", "Value": "string" } ], "ResourceDetailsOther": [ { "Comparison": "string", "Key": "string", "Value": "string" } ], "ResourceId": [ { "Comparison": "string", "Value": "string" } ], "ResourcePartition": [ { "Comparison": "string", "Value": "string" } ], "ResourceRegion": [ { "Comparison": "string", "Value": "string" } ], "ResourceTags": [ { "Comparison": "string", "Key": "string", "Value": "string" } ], "ResourceType": [ { "Comparison": "string", "Value": "string" } ], "SeverityLabel": [ { "Comparison": "string", "Value": "string" } ], "SeverityNormalized": [ {

API Version 2018-10-2688

Page 103: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

"Eq": number, "Gte": number, "Lte": number } ], "SeverityProduct": [ { "Eq": number, "Gte": number, "Lte": number } ], "SourceUrl": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorCategory": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorLastObservedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ThreatIntelIndicatorSource": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorSourceUrl": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorType": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorValue": [ { "Comparison": "string", "Value": "string" } ], "Title": [ { "Comparison": "string", "Value": "string" } ], "Type": [ {

API Version 2018-10-2689

Page 104: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceURI Request Parameters

"Comparison": "string", "Value": "string" } ], "UpdatedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "UserDefinedFields": [ { "Comparison": "string", "Key": "string", "Value": "string" } ], "VerificationState": [ { "Comparison": "string", "Value": "string" } ], "WorkflowState": [ { "Comparison": "string", "Value": "string" } ], "WorkflowStatus": [ { "Comparison": "string", "Value": "string" } ] }, "MaxResults": number, "NextToken": "string", "SortCriteria": [ { "Field": "string", "SortOrder": "string" } ]}

URI Request ParametersThe request does not use any URI parameters.

Request BodyThe request accepts the following data in JSON format.

Filters (p. 82)

The finding attributes used to define a condition to filter the returned findings.

Type: AwsSecurityFindingFilters (p. 241) object

API Version 2018-10-2690

Page 105: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Syntax

Required: NoMaxResults (p. 82)

The maximum number of findings to return.

Type: Integer

Valid Range: Minimum value of 1. Maximum value of 100.

Required: NoNextToken (p. 82)

The token that is required for pagination. On your first call to the GetFindings operation, set thevalue of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to thevalue returned from the previous response.

Type: String

Required: NoSortCriteria (p. 82)

The finding attributes used to sort the list of returned findings.

Type: Array of SortCriterion (p. 298) objects

Required: No

Response SyntaxHTTP/1.1 200Content-type: application/json

{ "Findings": [ { "AwsAccountId": "string", "Compliance": { "RelatedRequirements": [ "string" ], "Status": "string" }, "Confidence": number, "CreatedAt": "string", "Criticality": number, "Description": "string", "FirstObservedAt": "string", "GeneratorId": "string", "Id": "string", "LastObservedAt": "string", "Malware": [ { "Name": "string", "Path": "string", "State": "string", "Type": "string" } ], "Network": { "DestinationDomain": "string",

API Version 2018-10-2691

Page 106: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Syntax

"DestinationIpV4": "string", "DestinationIpV6": "string", "DestinationPort": number, "Direction": "string", "Protocol": "string", "SourceDomain": "string", "SourceIpV4": "string", "SourceIpV6": "string", "SourceMac": "string", "SourcePort": number }, "Note": { "Text": "string", "UpdatedAt": "string", "UpdatedBy": "string" }, "Process": { "LaunchedAt": "string", "Name": "string", "ParentPid": number, "Path": "string", "Pid": number, "TerminatedAt": "string" }, "ProductArn": "string", "ProductFields": { "string" : "string" }, "RecordState": "string", "RelatedFindings": [ { "Id": "string", "ProductArn": "string" } ], "Remediation": { "Recommendation": { "Text": "string", "Url": "string" } }, "Resources": [ { "Details": { "AwsCloudFrontDistribution": { "DomainName": "string", "ETag": "string", "LastModifiedTime": "string", "Logging": { "Bucket": "string", "Enabled": boolean, "IncludeCookies": boolean, "Prefix": "string" }, "Origins": { "Items": [ { "DomainName": "string", "Id": "string", "OriginPath": "string" } ] }, "Status": "string", "WebAclId": "string" },

API Version 2018-10-2692

Page 107: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Syntax

"AwsCodeBuildProject": { "EncryptionKey": "string", "Environment": { "Certificate": "string", "ImagePullCredentialsType": "string", "RegistryCredential": { "Credential": "string", "CredentialProvider": "string" }, "Type": "string" }, "Name": "string", "ServiceRole": "string", "Source": { "GitCloneDepth": number, "InsecureSsl": boolean, "Location": "string", "Type": "string" }, "VpcConfig": { "SecurityGroupIds": [ "string" ], "Subnets": [ "string" ], "VpcId": "string" } }, "AwsEc2Instance": { "IamInstanceProfileArn": "string", "ImageId": "string", "IpV4Addresses": [ "string" ], "IpV6Addresses": [ "string" ], "KeyName": "string", "LaunchedAt": "string", "SubnetId": "string", "Type": "string", "VpcId": "string" }, "AwsEc2NetworkInterface": { "Attachment": { "AttachmentId": "string", "AttachTime": "string", "DeleteOnTermination": boolean, "DeviceIndex": number, "InstanceId": "string", "InstanceOwnerId": "string", "Status": "string" }, "NetworkInterfaceId": "string", "SecurityGroups": [ { "GroupId": "string", "GroupName": "string" } ], "SourceDestCheck": boolean }, "AwsEc2SecurityGroup": { "GroupId": "string", "GroupName": "string", "IpPermissions": [ { "FromPort": number, "IpProtocol": "string", "IpRanges": [ { "CidrIp": "string" }

API Version 2018-10-2693

Page 108: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Syntax

], "Ipv6Ranges": [ { "CidrIpv6": "string" } ], "PrefixListIds": [ { "PrefixListId": "string" } ], "ToPort": number, "UserIdGroupPairs": [ { "GroupId": "string", "GroupName": "string", "PeeringStatus": "string", "UserId": "string", "VpcId": "string", "VpcPeeringConnectionId": "string" } ] } ], "IpPermissionsEgress": [ { "FromPort": number, "IpProtocol": "string", "IpRanges": [ { "CidrIp": "string" } ], "Ipv6Ranges": [ { "CidrIpv6": "string" } ], "PrefixListIds": [ { "PrefixListId": "string" } ], "ToPort": number, "UserIdGroupPairs": [ { "GroupId": "string", "GroupName": "string", "PeeringStatus": "string", "UserId": "string", "VpcId": "string", "VpcPeeringConnectionId": "string" } ] } ], "OwnerId": "string", "VpcId": "string" }, "AwsElasticsearchDomain": { "AccessPolicies": "string", "DomainEndpointOptions": { "EnforceHTTPS": boolean, "TLSSecurityPolicy": "string" }, "DomainId": "string",

API Version 2018-10-2694

Page 109: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Syntax

"DomainName": "string", "ElasticsearchVersion": "string", "EncryptionAtRestOptions": { "Enabled": boolean, "KmsKeyId": "string" }, "Endpoint": "string", "Endpoints": { "string" : "string" }, "NodeToNodeEncryptionOptions": { "Enabled": boolean }, "VPCOptions": { "AvailabilityZones": [ "string" ], "SecurityGroupIds": [ "string" ], "SubnetIds": [ "string" ], "VPCId": "string" } }, "AwsElbv2LoadBalancer": { "AvailabilityZones": [ { "SubnetId": "string", "ZoneName": "string" } ], "CanonicalHostedZoneId": "string", "CreatedTime": "string", "DNSName": "string", "IpAddressType": "string", "Scheme": "string", "SecurityGroups": [ "string" ], "State": { "Code": "string", "Reason": "string" }, "Type": "string", "VpcId": "string" }, "AwsIamAccessKey": { "CreatedAt": "string", "PrincipalId": "string", "PrincipalName": "string", "PrincipalType": "string", "Status": "string", "UserName": "string" }, "AwsIamRole": { "AssumeRolePolicyDocument": "string", "CreateDate": "string", "MaxSessionDuration": number, "Path": "string", "RoleId": "string", "RoleName": "string" }, "AwsKmsKey": { "AWSAccountId": "string", "CreationDate": number, "KeyId": "string", "KeyManager": "string", "KeyState": "string", "Origin": "string" }, "AwsLambdaFunction": { "Code": {

API Version 2018-10-2695

Page 110: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Syntax

"S3Bucket": "string", "S3Key": "string", "S3ObjectVersion": "string", "ZipFile": "string" }, "CodeSha256": "string", "DeadLetterConfig": { "TargetArn": "string" }, "Environment": { "Error": { "ErrorCode": "string", "Message": "string" }, "Variables": { "string" : "string" } }, "FunctionName": "string", "Handler": "string", "KmsKeyArn": "string", "LastModified": "string", "Layers": [ { "Arn": "string", "CodeSize": number } ], "MasterArn": "string", "MemorySize": number, "RevisionId": "string", "Role": "string", "Runtime": "string", "Timeout": number, "TracingConfig": { "Mode": "string" }, "Version": "string", "VpcConfig": { "SecurityGroupIds": [ "string" ], "SubnetIds": [ "string" ], "VpcId": "string" } }, "AwsLambdaLayerVersion": { "CompatibleRuntimes": [ "string" ], "CreatedDate": "string", "Version": number }, "AwsRdsDbInstance": { "AssociatedRoles": [ { "FeatureName": "string", "RoleArn": "string", "Status": "string" } ], "CACertificateIdentifier": "string", "DBClusterIdentifier": "string", "DBInstanceClass": "string", "DBInstanceIdentifier": "string", "DbInstancePort": number, "DbiResourceId": "string", "DBName": "string", "DeletionProtection": boolean, "Endpoint": {

API Version 2018-10-2696

Page 111: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Syntax

"Address": "string", "HostedZoneId": "string", "Port": number }, "Engine": "string", "EngineVersion": "string", "IAMDatabaseAuthenticationEnabled": boolean, "InstanceCreateTime": "string", "KmsKeyId": "string", "PubliclyAccessible": boolean, "StorageEncrypted": boolean, "TdeCredentialArn": "string", "VpcSecurityGroups": [ { "Status": "string", "VpcSecurityGroupId": "string" } ] }, "AwsS3Bucket": { "CreatedAt": "string", "OwnerId": "string", "OwnerName": "string", "ServerSideEncryptionConfiguration": { "Rules": [ { "ApplyServerSideEncryptionByDefault": { "KMSMasterKeyID": "string", "SSEAlgorithm": "string" } } ] } }, "AwsS3Object": { "ContentType": "string", "ETag": "string", "LastModified": "string", "ServerSideEncryption": "string", "SSEKMSKeyId": "string", "VersionId": "string" }, "AwsSnsTopic": { "KmsMasterKeyId": "string", "Owner": "string", "Subscription": [ { "Endpoint": "string", "Protocol": "string" } ], "TopicName": "string" }, "AwsSqsQueue": { "DeadLetterTargetArn": "string", "KmsDataKeyReusePeriodSeconds": number, "KmsMasterKeyId": "string", "QueueName": "string" }, "AwsWafWebAcl": { "DefaultAction": "string", "Name": "string", "Rules": [ { "Action": { "Type": "string"

API Version 2018-10-2697

Page 112: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Syntax

}, "ExcludedRules": [ { "RuleId": "string" } ], "OverrideAction": { "Type": "string" }, "Priority": number, "RuleId": "string", "Type": "string" } ], "WebAclId": "string" }, "Container": { "ImageId": "string", "ImageName": "string", "LaunchedAt": "string", "Name": "string" }, "Other": { "string" : "string" } }, "Id": "string", "Partition": "string", "Region": "string", "Tags": { "string" : "string" }, "Type": "string" } ], "SchemaVersion": "string", "Severity": { "Label": "string", "Normalized": number, "Product": number }, "SourceUrl": "string", "ThreatIntelIndicators": [ { "Category": "string", "LastObservedAt": "string", "Source": "string", "SourceUrl": "string", "Type": "string", "Value": "string" } ], "Title": "string", "Types": [ "string" ], "UpdatedAt": "string", "UserDefinedFields": { "string" : "string" }, "VerificationState": "string", "Workflow": { "Status": "string" }, "WorkflowState": "string" } ], "NextToken": "string"

API Version 2018-10-2698

Page 113: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Elements

}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Findings (p. 91)

The findings that matched the filters specified in the request.

Type: Array of AwsSecurityFinding (p. 235) objectsNextToken (p. 91)

The pagination token to use to request the next page of results.

Type: String

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go

API Version 2018-10-2699

Page 115: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceGetInsightResults

GetInsightResultsLists the results of the Security Hub insight specified by the insight ARN.

Request Syntax

GET /insights/results/InsightArn+ HTTP/1.1

URI Request ParametersThe request requires the following URI parameters.

InsightArn (p. 101)

The ARN of the insight for which to return results.

Pattern: .*\S.*

Request BodyThe request does not have a request body.

Response Syntax

HTTP/1.1 200Content-type: application/json

{ "InsightResults": { "GroupByAttribute": "string", "InsightArn": "string", "ResultValues": [ { "Count": number, "GroupByAttributeValue": "string" } ] }}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

InsightResults (p. 101)

The insight results returned by the operation.

Type: InsightResults (p. 266) object

API Version 2018-10-26101

Page 116: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceErrors

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429ResourceNotFoundException

The request was rejected because we can't find the specified resource.

HTTP Status Code: 404

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-26102

Page 117: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceGetInsights

GetInsightsLists and describes insights for the specified insight ARNs.

Request SyntaxPOST /insights/get HTTP/1.1Content-type: application/json

{ "InsightArns": [ "string" ], "MaxResults": number, "NextToken": "string"}

URI Request ParametersThe request does not use any URI parameters.

Request BodyThe request accepts the following data in JSON format.

InsightArns (p. 103)

The ARNs of the insights to describe. If you do not provide any insight ARNs, then GetInsightsreturns all of your custom insights. It does not return any managed insights.

Type: Array of strings

Pattern: .*\S.*

Required: NoMaxResults (p. 103)

The maximum number of items to return in the response.

Type: Integer

Valid Range: Minimum value of 1. Maximum value of 100.

Required: NoNextToken (p. 103)

The token that is required for pagination. On your first call to the GetInsights operation, set thevalue of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to thevalue returned from the previous response.

Type: String

Required: No

Response SyntaxHTTP/1.1 200

API Version 2018-10-26103

Page 118: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Syntax

Content-type: application/json

{ "Insights": [ { "Filters": { "AwsAccountId": [ { "Comparison": "string", "Value": "string" } ], "CompanyName": [ { "Comparison": "string", "Value": "string" } ], "ComplianceStatus": [ { "Comparison": "string", "Value": "string" } ], "Confidence": [ { "Eq": number, "Gte": number, "Lte": number } ], "CreatedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "Criticality": [ { "Eq": number, "Gte": number, "Lte": number } ], "Description": [ { "Comparison": "string", "Value": "string" } ], "FirstObservedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "GeneratorId": [ {

API Version 2018-10-26104

Page 119: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Syntax

"Comparison": "string", "Value": "string" } ], "Id": [ { "Comparison": "string", "Value": "string" } ], "Keyword": [ { "Value": "string" } ], "LastObservedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "MalwareName": [ { "Comparison": "string", "Value": "string" } ], "MalwarePath": [ { "Comparison": "string", "Value": "string" } ], "MalwareState": [ { "Comparison": "string", "Value": "string" } ], "MalwareType": [ { "Comparison": "string", "Value": "string" } ], "NetworkDestinationDomain": [ { "Comparison": "string", "Value": "string" } ], "NetworkDestinationIpV4": [ { "Cidr": "string" } ], "NetworkDestinationIpV6": [ { "Cidr": "string" } ], "NetworkDestinationPort": [

API Version 2018-10-26105

Page 120: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Syntax

{ "Eq": number, "Gte": number, "Lte": number } ], "NetworkDirection": [ { "Comparison": "string", "Value": "string" } ], "NetworkProtocol": [ { "Comparison": "string", "Value": "string" } ], "NetworkSourceDomain": [ { "Comparison": "string", "Value": "string" } ], "NetworkSourceIpV4": [ { "Cidr": "string" } ], "NetworkSourceIpV6": [ { "Cidr": "string" } ], "NetworkSourceMac": [ { "Comparison": "string", "Value": "string" } ], "NetworkSourcePort": [ { "Eq": number, "Gte": number, "Lte": number } ], "NoteText": [ { "Comparison": "string", "Value": "string" } ], "NoteUpdatedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "NoteUpdatedBy": [ { "Comparison": "string",

API Version 2018-10-26106

Page 121: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Syntax

"Value": "string" } ], "ProcessLaunchedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ProcessName": [ { "Comparison": "string", "Value": "string" } ], "ProcessParentPid": [ { "Eq": number, "Gte": number, "Lte": number } ], "ProcessPath": [ { "Comparison": "string", "Value": "string" } ], "ProcessPid": [ { "Eq": number, "Gte": number, "Lte": number } ], "ProcessTerminatedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ProductArn": [ { "Comparison": "string", "Value": "string" } ], "ProductFields": [ { "Comparison": "string", "Key": "string", "Value": "string" } ], "ProductName": [ { "Comparison": "string", "Value": "string"

API Version 2018-10-26107

Page 122: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Syntax

} ], "RecommendationText": [ { "Comparison": "string", "Value": "string" } ], "RecordState": [ { "Comparison": "string", "Value": "string" } ], "RelatedFindingsId": [ { "Comparison": "string", "Value": "string" } ], "RelatedFindingsProductArn": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceIamInstanceProfileArn": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceImageId": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceIpV4Addresses": [ { "Cidr": "string" } ], "ResourceAwsEc2InstanceIpV6Addresses": [ { "Cidr": "string" } ], "ResourceAwsEc2InstanceKeyName": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceLaunchedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ResourceAwsEc2InstanceSubnetId": [ {

API Version 2018-10-26108

Page 123: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Syntax

"Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceType": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceVpcId": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsIamAccessKeyCreatedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ResourceAwsIamAccessKeyStatus": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsIamAccessKeyUserName": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsS3BucketOwnerId": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsS3BucketOwnerName": [ { "Comparison": "string", "Value": "string" } ], "ResourceContainerImageId": [ { "Comparison": "string", "Value": "string" } ], "ResourceContainerImageName": [ { "Comparison": "string", "Value": "string" } ], "ResourceContainerLaunchedAt": [ { "DateRange": { "Unit": "string",

API Version 2018-10-26109

Page 124: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Syntax

"Value": number }, "End": "string", "Start": "string" } ], "ResourceContainerName": [ { "Comparison": "string", "Value": "string" } ], "ResourceDetailsOther": [ { "Comparison": "string", "Key": "string", "Value": "string" } ], "ResourceId": [ { "Comparison": "string", "Value": "string" } ], "ResourcePartition": [ { "Comparison": "string", "Value": "string" } ], "ResourceRegion": [ { "Comparison": "string", "Value": "string" } ], "ResourceTags": [ { "Comparison": "string", "Key": "string", "Value": "string" } ], "ResourceType": [ { "Comparison": "string", "Value": "string" } ], "SeverityLabel": [ { "Comparison": "string", "Value": "string" } ], "SeverityNormalized": [ { "Eq": number, "Gte": number, "Lte": number } ], "SeverityProduct": [ { "Eq": number,

API Version 2018-10-26110

Page 125: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Syntax

"Gte": number, "Lte": number } ], "SourceUrl": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorCategory": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorLastObservedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ThreatIntelIndicatorSource": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorSourceUrl": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorType": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorValue": [ { "Comparison": "string", "Value": "string" } ], "Title": [ { "Comparison": "string", "Value": "string" } ], "Type": [ { "Comparison": "string", "Value": "string" } ], "UpdatedAt": [ { "DateRange": { "Unit": "string",

API Version 2018-10-26111

Page 126: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Elements

"Value": number }, "End": "string", "Start": "string" } ], "UserDefinedFields": [ { "Comparison": "string", "Key": "string", "Value": "string" } ], "VerificationState": [ { "Comparison": "string", "Value": "string" } ], "WorkflowState": [ { "Comparison": "string", "Value": "string" } ], "WorkflowStatus": [ { "Comparison": "string", "Value": "string" } ] }, "GroupByAttribute": "string", "InsightArn": "string", "Name": "string" } ], "NextToken": "string"}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Insights (p. 103)

The insights returned by the operation.

Type: Array of Insight (p. 265) objects

NextToken (p. 103)

The pagination token to use to request the next page of results.

Type: String

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

API Version 2018-10-26112

Page 127: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429ResourceNotFoundException

The request was rejected because we can't find the specified resource.

HTTP Status Code: 404

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-26113

Page 128: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceGetInvitationsCount

GetInvitationsCountReturns the count of all Security Hub membership invitations that were sent to the current memberaccount, not including the currently accepted invitation.

Request SyntaxGET /invitations/count HTTP/1.1

URI Request ParametersThe request does not use any URI parameters.

Request BodyThe request does not have a request body.

Response SyntaxHTTP/1.1 200Content-type: application/json

{ "InvitationsCount": number}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

InvitationsCount (p. 114)

The number of all membership invitations sent to this Security Hub member account, not includingthe currently accepted invitation.

Type: Integer

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

API Version 2018-10-26114

Page 129: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-26115

Page 130: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceGetMasterAccount

GetMasterAccountProvides the details for the Security Hub master account for the current member account.

Request SyntaxGET /master HTTP/1.1

URI Request ParametersThe request does not use any URI parameters.

Request BodyThe request does not have a request body.

Response SyntaxHTTP/1.1 200Content-type: application/json

{ "Master": { "AccountId": "string", "InvitationId": "string", "InvitedAt": number, "MemberStatus": "string" }}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Master (p. 116)

A list of details about the Security Hub master account for the current member account.

Type: Invitation (p. 268) object

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500

API Version 2018-10-26116

Page 131: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429ResourceNotFoundException

The request was rejected because we can't find the specified resource.

HTTP Status Code: 404

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-26117

Page 132: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceGetMembers

GetMembersReturns the details for the Security Hub member accounts for the specified account IDs.

Request Syntax

POST /members/get HTTP/1.1Content-type: application/json

{ "AccountIds": [ "string" ]}

URI Request ParametersThe request does not use any URI parameters.

Request BodyThe request accepts the following data in JSON format.

AccountIds (p. 118)

The list of account IDs for the Security Hub member accounts to return the details for.

Type: Array of strings

Pattern: .*\S.*

Required: Yes

Response Syntax

HTTP/1.1 200Content-type: application/json

{ "Members": [ { "AccountId": "string", "Email": "string", "InvitedAt": number, "MasterId": "string", "MemberStatus": "string", "UpdatedAt": number } ], "UnprocessedAccounts": [ { "AccountId": "string", "ProcessingResult": "string" } ]}

API Version 2018-10-26118

Page 133: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Elements

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Members (p. 118)

The list of details about the Security Hub member accounts.

Type: Array of Member (p. 274) objectsUnprocessedAccounts (p. 118)

The list of AWS accounts that could not be processed. For each account, the list includes the accountID and the email address.

Type: Array of Result (p. 294) objects

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429ResourceNotFoundException

The request was rejected because we can't find the specified resource.

HTTP Status Code: 404

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface

API Version 2018-10-26119

Page 135: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceInviteMembers

InviteMembersInvites other AWS accounts to become member accounts for the Security Hub master account that theinvitation is sent from.

Before you can use this action to invite a member, you must first use the CreateMembers (p. 40) action to create the member account in Security Hub.

When the account owner accepts the invitation to become a member account and enables Security Hub,the master account can view the findings generated from the member account.

Request SyntaxPOST /members/invite HTTP/1.1Content-type: application/json

{ "AccountIds": [ "string" ]}

URI Request ParametersThe request does not use any URI parameters.

Request BodyThe request accepts the following data in JSON format.

AccountIds (p. 121)

The list of account IDs of the AWS accounts to invite to Security Hub as members.

Type: Array of strings

Pattern: .*\S.*

Required: No

Response SyntaxHTTP/1.1 200Content-type: application/json

{ "UnprocessedAccounts": [ { "AccountId": "string", "ProcessingResult": "string" } ]}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

API Version 2018-10-26121

Page 136: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceErrors

The following data is returned in JSON format by the service.

UnprocessedAccounts (p. 121)

The list of AWS accounts that could not be processed. For each account, the list includes the accountID and the email address.

Type: Array of Result (p. 294) objects

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429ResourceNotFoundException

The request was rejected because we can't find the specified resource.

HTTP Status Code: 404

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-26122

Page 137: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

API Version 2018-10-26123

Page 138: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceListEnabledProductsForImport

ListEnabledProductsForImportLists all findings-generating solutions (products) that you are subscribed to receive findings from inSecurity Hub.

Request SyntaxGET /productSubscriptions?MaxResults=MaxResults&NextToken=NextToken HTTP/1.1

URI Request ParametersThe request requires the following URI parameters.

MaxResults (p. 124)

The maximum number of items to return in the response.

Valid Range: Minimum value of 1. Maximum value of 100.

NextToken (p. 124)

The token that is required for pagination. On your first call to theListEnabledProductsForImport operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to thevalue returned from the previous response.

Request BodyThe request does not have a request body.

Response SyntaxHTTP/1.1 200Content-type: application/json

{ "NextToken": "string", "ProductSubscriptions": [ "string" ]}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

NextToken (p. 124)

The pagination token to use to request the next page of results.

Type: String

API Version 2018-10-26124

Page 139: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceErrors

ProductSubscriptions (p. 124)

The list of ARNs for the resources that represent your subscriptions to products.

Type: Array of strings

Pattern: .*\S.*

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-26125

Page 140: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceListInvitations

ListInvitationsLists all Security Hub membership invitations that were sent to the current AWS account.

Request SyntaxGET /invitations?MaxResults=MaxResults&NextToken=NextToken HTTP/1.1

URI Request ParametersThe request requires the following URI parameters.

MaxResults (p. 126)

The maximum number of items to return in the response.

Valid Range: Minimum value of 1. Maximum value of 100.NextToken (p. 126)

The token that is required for pagination. On your first call to the ListInvitations operation, setthe value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to thevalue returned from the previous response.

Request BodyThe request does not have a request body.

Response SyntaxHTTP/1.1 200Content-type: application/json

{ "Invitations": [ { "AccountId": "string", "InvitationId": "string", "InvitedAt": number, "MemberStatus": "string" } ], "NextToken": "string"}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Invitations (p. 126)

The details of the invitations returned by the operation.

API Version 2018-10-26126

Page 141: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceErrors

Type: Array of Invitation (p. 268) objectsNextToken (p. 126)

The pagination token to use to request the next page of results.

Type: String

Pattern: .*\S.*

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-26127

Page 142: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceListMembers

ListMembersLists details about all member accounts for the current Security Hub master account.

Request SyntaxGET /members?MaxResults=MaxResults&NextToken=NextToken&OnlyAssociated=OnlyAssociated HTTP/1.1

URI Request ParametersThe request requires the following URI parameters.

MaxResults (p. 128)

The maximum number of items to return in the response.

Valid Range: Minimum value of 1. Maximum value of 100.NextToken (p. 128)

The token that is required for pagination. On your first call to the ListMembers operation, set thevalue of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to thevalue returned from the previous response.

OnlyAssociated (p. 128)

Specifies which member accounts to include in the response based on their relationship status withthe master account. The default value is TRUE.

If OnlyAssociated is set to TRUE, the response includes member accounts whose relationshipstatus with the master is set to ENABLED or DISABLED.

If OnlyAssociated is set to FALSE, the response includes all existing member accounts.

Request BodyThe request does not have a request body.

Response SyntaxHTTP/1.1 200Content-type: application/json

{ "Members": [ { "AccountId": "string", "Email": "string", "InvitedAt": number, "MasterId": "string", "MemberStatus": "string", "UpdatedAt": number }

API Version 2018-10-26128

Page 143: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Elements

], "NextToken": "string"}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Members (p. 128)

Member details returned by the operation.

Type: Array of Member (p. 274) objectsNextToken (p. 128)

The pagination token to use to request the next page of results.

Type: String

Pattern: .*\S.*

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface

API Version 2018-10-26129

Page 145: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceListTagsForResource

ListTagsForResourceReturns a list of tags associated with a resource.

Request SyntaxGET /tags/ResourceArn HTTP/1.1

URI Request ParametersThe request requires the following URI parameters.

ResourceArn (p. 131)

The ARN of the resource to retrieve tags for.

Pattern: ^arn:aws:securityhub:.*

Request BodyThe request does not have a request body.

Response SyntaxHTTP/1.1 200Content-type: application/json

{ "Tags": { "string" : "string" }}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Tags (p. 131)

The tags associated with a resource.

Type: String to string map

Key Length Constraints: Minimum length of 1. Maximum length of 128.

Key Pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$

Value Length Constraints: Maximum length of 256.

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

API Version 2018-10-26131

Page 146: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

InternalException

Internal server error.

HTTP Status Code: 500InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400ResourceNotFoundException

The request was rejected because we can't find the specified resource.

HTTP Status Code: 404

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-26132

Page 147: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceTagResource

TagResourceAdds one or more tags to a resource.

Request SyntaxPOST /tags/ResourceArn HTTP/1.1Content-type: application/json

{ "Tags": { "string" : "string" }}

URI Request ParametersThe request requires the following URI parameters.

ResourceArn (p. 133)

The ARN of the resource to apply the tags to.

Pattern: ^arn:aws:securityhub:.*

Request BodyThe request accepts the following data in JSON format.

Tags (p. 133)

The tags to add to the resource.

Type: String to string map

Key Length Constraints: Minimum length of 1. Maximum length of 128.

Key Pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$

Value Length Constraints: Maximum length of 256.

Required: Yes

Response SyntaxHTTP/1.1 200

Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

API Version 2018-10-26133

Page 148: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

InternalException

Internal server error.

HTTP Status Code: 500InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400ResourceNotFoundException

The request was rejected because we can't find the specified resource.

HTTP Status Code: 404

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-26134

Page 149: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceUntagResource

UntagResourceRemoves one or more tags from a resource.

Request SyntaxDELETE /tags/ResourceArn?tagKeys=TagKeys HTTP/1.1

URI Request ParametersThe request requires the following URI parameters.

ResourceArn (p. 135)

The ARN of the resource to remove the tags from.

Pattern: ^arn:aws:securityhub:.*TagKeys (p. 135)

The tag keys associated with the tags to remove from the resource.

Array Members: Minimum number of 1 item. Maximum number of 50 items.

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$

Request BodyThe request does not have a request body.

Response SyntaxHTTP/1.1 200

Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

API Version 2018-10-26135

Page 150: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

HTTP Status Code: 400ResourceNotFoundException

The request was rejected because we can't find the specified resource.

HTTP Status Code: 404

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-26136

Page 151: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceUpdateActionTarget

UpdateActionTargetUpdates the name and description of a custom action target in Security Hub.

Request SyntaxPATCH /actionTargets/ActionTargetArn+ HTTP/1.1Content-type: application/json

{ "Description": "string", "Name": "string"}

URI Request ParametersThe request requires the following URI parameters.

ActionTargetArn (p. 137)

The ARN of the custom action target to update.

Pattern: .*\S.*

Request BodyThe request accepts the following data in JSON format.

Description (p. 137)

The updated description for the custom action target.

Type: String

Pattern: .*\S.*

Required: NoName (p. 137)

The updated name of the custom action target.

Type: String

Pattern: .*\S.*

Required: No

Response SyntaxHTTP/1.1 200

Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

API Version 2018-10-26137

Page 152: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceErrors

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400ResourceNotFoundException

The request was rejected because we can't find the specified resource.

HTTP Status Code: 404ResourceNotFoundException

The request was rejected because we can't find the specified resource.

HTTP Status Code: 404

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-26138

Page 153: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceUpdateFindings

UpdateFindingsUpdateFindings is deprecated. Instead of UpdateFindings, use BatchUpdateFindings.

Updates the Note and RecordState of the Security Hub-aggregated findings that the filter attributesspecify. Any member account that can view the finding also sees the update to the finding.

Request SyntaxPATCH /findings HTTP/1.1Content-type: application/json

{ "Filters": { "AwsAccountId": [ { "Comparison": "string", "Value": "string" } ], "CompanyName": [ { "Comparison": "string", "Value": "string" } ], "ComplianceStatus": [ { "Comparison": "string", "Value": "string" } ], "Confidence": [ { "Eq": number, "Gte": number, "Lte": number } ], "CreatedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "Criticality": [ { "Eq": number, "Gte": number, "Lte": number } ], "Description": [ { "Comparison": "string", "Value": "string" } ],

API Version 2018-10-26139

Page 154: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

"FirstObservedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "GeneratorId": [ { "Comparison": "string", "Value": "string" } ], "Id": [ { "Comparison": "string", "Value": "string" } ], "Keyword": [ { "Value": "string" } ], "LastObservedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "MalwareName": [ { "Comparison": "string", "Value": "string" } ], "MalwarePath": [ { "Comparison": "string", "Value": "string" } ], "MalwareState": [ { "Comparison": "string", "Value": "string" } ], "MalwareType": [ { "Comparison": "string", "Value": "string" } ], "NetworkDestinationDomain": [ { "Comparison": "string", "Value": "string" }

API Version 2018-10-26140

Page 155: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

], "NetworkDestinationIpV4": [ { "Cidr": "string" } ], "NetworkDestinationIpV6": [ { "Cidr": "string" } ], "NetworkDestinationPort": [ { "Eq": number, "Gte": number, "Lte": number } ], "NetworkDirection": [ { "Comparison": "string", "Value": "string" } ], "NetworkProtocol": [ { "Comparison": "string", "Value": "string" } ], "NetworkSourceDomain": [ { "Comparison": "string", "Value": "string" } ], "NetworkSourceIpV4": [ { "Cidr": "string" } ], "NetworkSourceIpV6": [ { "Cidr": "string" } ], "NetworkSourceMac": [ { "Comparison": "string", "Value": "string" } ], "NetworkSourcePort": [ { "Eq": number, "Gte": number, "Lte": number } ], "NoteText": [ { "Comparison": "string", "Value": "string" } ], "NoteUpdatedAt": [

API Version 2018-10-26141

Page 156: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

{ "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "NoteUpdatedBy": [ { "Comparison": "string", "Value": "string" } ], "ProcessLaunchedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ProcessName": [ { "Comparison": "string", "Value": "string" } ], "ProcessParentPid": [ { "Eq": number, "Gte": number, "Lte": number } ], "ProcessPath": [ { "Comparison": "string", "Value": "string" } ], "ProcessPid": [ { "Eq": number, "Gte": number, "Lte": number } ], "ProcessTerminatedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ProductArn": [ { "Comparison": "string", "Value": "string" }

API Version 2018-10-26142

Page 157: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

], "ProductFields": [ { "Comparison": "string", "Key": "string", "Value": "string" } ], "ProductName": [ { "Comparison": "string", "Value": "string" } ], "RecommendationText": [ { "Comparison": "string", "Value": "string" } ], "RecordState": [ { "Comparison": "string", "Value": "string" } ], "RelatedFindingsId": [ { "Comparison": "string", "Value": "string" } ], "RelatedFindingsProductArn": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceIamInstanceProfileArn": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceImageId": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceIpV4Addresses": [ { "Cidr": "string" } ], "ResourceAwsEc2InstanceIpV6Addresses": [ { "Cidr": "string" } ], "ResourceAwsEc2InstanceKeyName": [ { "Comparison": "string", "Value": "string" } ],

API Version 2018-10-26143

Page 158: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

"ResourceAwsEc2InstanceLaunchedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ResourceAwsEc2InstanceSubnetId": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceType": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceVpcId": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsIamAccessKeyCreatedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ResourceAwsIamAccessKeyStatus": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsIamAccessKeyUserName": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsS3BucketOwnerId": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsS3BucketOwnerName": [ { "Comparison": "string", "Value": "string" } ], "ResourceContainerImageId": [ { "Comparison": "string", "Value": "string"

API Version 2018-10-26144

Page 159: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

} ], "ResourceContainerImageName": [ { "Comparison": "string", "Value": "string" } ], "ResourceContainerLaunchedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ResourceContainerName": [ { "Comparison": "string", "Value": "string" } ], "ResourceDetailsOther": [ { "Comparison": "string", "Key": "string", "Value": "string" } ], "ResourceId": [ { "Comparison": "string", "Value": "string" } ], "ResourcePartition": [ { "Comparison": "string", "Value": "string" } ], "ResourceRegion": [ { "Comparison": "string", "Value": "string" } ], "ResourceTags": [ { "Comparison": "string", "Key": "string", "Value": "string" } ], "ResourceType": [ { "Comparison": "string", "Value": "string" } ], "SeverityLabel": [ { "Comparison": "string", "Value": "string"

API Version 2018-10-26145

Page 160: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

} ], "SeverityNormalized": [ { "Eq": number, "Gte": number, "Lte": number } ], "SeverityProduct": [ { "Eq": number, "Gte": number, "Lte": number } ], "SourceUrl": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorCategory": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorLastObservedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ThreatIntelIndicatorSource": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorSourceUrl": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorType": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorValue": [ { "Comparison": "string", "Value": "string" } ], "Title": [ { "Comparison": "string", "Value": "string"

API Version 2018-10-26146

Page 161: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceURI Request Parameters

} ], "Type": [ { "Comparison": "string", "Value": "string" } ], "UpdatedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "UserDefinedFields": [ { "Comparison": "string", "Key": "string", "Value": "string" } ], "VerificationState": [ { "Comparison": "string", "Value": "string" } ], "WorkflowState": [ { "Comparison": "string", "Value": "string" } ], "WorkflowStatus": [ { "Comparison": "string", "Value": "string" } ] }, "Note": { "Text": "string", "UpdatedBy": "string" }, "RecordState": "string"}

URI Request ParametersThe request does not use any URI parameters.

Request BodyThe request accepts the following data in JSON format.

Filters (p. 139)

A collection of attributes that specify which findings you want to update.

API Version 2018-10-26147

Page 162: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Syntax

Type: AwsSecurityFindingFilters (p. 241) object

Required: YesNote (p. 139)

The updated note for the finding.

Type: NoteUpdate (p. 279) object

Required: NoRecordState (p. 139)

The updated record state for the finding.

Type: String

Valid Values: ACTIVE | ARCHIVED

Required: No

Response SyntaxHTTP/1.1 200

Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429

API Version 2018-10-26148

Page 163: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

ResourceNotFoundException

The request was rejected because we can't find the specified resource.

HTTP Status Code: 404

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-26149

Page 164: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceUpdateInsight

UpdateInsightUpdates the Security Hub insight identified by the specified insight ARN.

Request SyntaxPATCH /insights/InsightArn+ HTTP/1.1Content-type: application/json

{ "Filters": { "AwsAccountId": [ { "Comparison": "string", "Value": "string" } ], "CompanyName": [ { "Comparison": "string", "Value": "string" } ], "ComplianceStatus": [ { "Comparison": "string", "Value": "string" } ], "Confidence": [ { "Eq": number, "Gte": number, "Lte": number } ], "CreatedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "Criticality": [ { "Eq": number, "Gte": number, "Lte": number } ], "Description": [ { "Comparison": "string", "Value": "string" } ], "FirstObservedAt": [ { "DateRange": { "Unit": "string",

API Version 2018-10-26150

Page 165: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

"Value": number }, "End": "string", "Start": "string" } ], "GeneratorId": [ { "Comparison": "string", "Value": "string" } ], "Id": [ { "Comparison": "string", "Value": "string" } ], "Keyword": [ { "Value": "string" } ], "LastObservedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "MalwareName": [ { "Comparison": "string", "Value": "string" } ], "MalwarePath": [ { "Comparison": "string", "Value": "string" } ], "MalwareState": [ { "Comparison": "string", "Value": "string" } ], "MalwareType": [ { "Comparison": "string", "Value": "string" } ], "NetworkDestinationDomain": [ { "Comparison": "string", "Value": "string" } ], "NetworkDestinationIpV4": [ { "Cidr": "string"

API Version 2018-10-26151

Page 166: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

} ], "NetworkDestinationIpV6": [ { "Cidr": "string" } ], "NetworkDestinationPort": [ { "Eq": number, "Gte": number, "Lte": number } ], "NetworkDirection": [ { "Comparison": "string", "Value": "string" } ], "NetworkProtocol": [ { "Comparison": "string", "Value": "string" } ], "NetworkSourceDomain": [ { "Comparison": "string", "Value": "string" } ], "NetworkSourceIpV4": [ { "Cidr": "string" } ], "NetworkSourceIpV6": [ { "Cidr": "string" } ], "NetworkSourceMac": [ { "Comparison": "string", "Value": "string" } ], "NetworkSourcePort": [ { "Eq": number, "Gte": number, "Lte": number } ], "NoteText": [ { "Comparison": "string", "Value": "string" } ], "NoteUpdatedAt": [ { "DateRange": { "Unit": "string", "Value": number

API Version 2018-10-26152

Page 167: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

}, "End": "string", "Start": "string" } ], "NoteUpdatedBy": [ { "Comparison": "string", "Value": "string" } ], "ProcessLaunchedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ProcessName": [ { "Comparison": "string", "Value": "string" } ], "ProcessParentPid": [ { "Eq": number, "Gte": number, "Lte": number } ], "ProcessPath": [ { "Comparison": "string", "Value": "string" } ], "ProcessPid": [ { "Eq": number, "Gte": number, "Lte": number } ], "ProcessTerminatedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ProductArn": [ { "Comparison": "string", "Value": "string" } ], "ProductFields": [ { "Comparison": "string",

API Version 2018-10-26153

Page 168: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

"Key": "string", "Value": "string" } ], "ProductName": [ { "Comparison": "string", "Value": "string" } ], "RecommendationText": [ { "Comparison": "string", "Value": "string" } ], "RecordState": [ { "Comparison": "string", "Value": "string" } ], "RelatedFindingsId": [ { "Comparison": "string", "Value": "string" } ], "RelatedFindingsProductArn": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceIamInstanceProfileArn": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceImageId": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceIpV4Addresses": [ { "Cidr": "string" } ], "ResourceAwsEc2InstanceIpV6Addresses": [ { "Cidr": "string" } ], "ResourceAwsEc2InstanceKeyName": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceLaunchedAt": [ { "DateRange": { "Unit": "string",

API Version 2018-10-26154

Page 169: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

"Value": number }, "End": "string", "Start": "string" } ], "ResourceAwsEc2InstanceSubnetId": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceType": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsEc2InstanceVpcId": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsIamAccessKeyCreatedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ResourceAwsIamAccessKeyStatus": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsIamAccessKeyUserName": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsS3BucketOwnerId": [ { "Comparison": "string", "Value": "string" } ], "ResourceAwsS3BucketOwnerName": [ { "Comparison": "string", "Value": "string" } ], "ResourceContainerImageId": [ { "Comparison": "string", "Value": "string" } ], "ResourceContainerImageName": [ {

API Version 2018-10-26155

Page 170: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

"Comparison": "string", "Value": "string" } ], "ResourceContainerLaunchedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ResourceContainerName": [ { "Comparison": "string", "Value": "string" } ], "ResourceDetailsOther": [ { "Comparison": "string", "Key": "string", "Value": "string" } ], "ResourceId": [ { "Comparison": "string", "Value": "string" } ], "ResourcePartition": [ { "Comparison": "string", "Value": "string" } ], "ResourceRegion": [ { "Comparison": "string", "Value": "string" } ], "ResourceTags": [ { "Comparison": "string", "Key": "string", "Value": "string" } ], "ResourceType": [ { "Comparison": "string", "Value": "string" } ], "SeverityLabel": [ { "Comparison": "string", "Value": "string" } ], "SeverityNormalized": [ {

API Version 2018-10-26156

Page 171: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRequest Syntax

"Eq": number, "Gte": number, "Lte": number } ], "SeverityProduct": [ { "Eq": number, "Gte": number, "Lte": number } ], "SourceUrl": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorCategory": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorLastObservedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "ThreatIntelIndicatorSource": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorSourceUrl": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorType": [ { "Comparison": "string", "Value": "string" } ], "ThreatIntelIndicatorValue": [ { "Comparison": "string", "Value": "string" } ], "Title": [ { "Comparison": "string", "Value": "string" } ], "Type": [ {

API Version 2018-10-26157

Page 172: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceURI Request Parameters

"Comparison": "string", "Value": "string" } ], "UpdatedAt": [ { "DateRange": { "Unit": "string", "Value": number }, "End": "string", "Start": "string" } ], "UserDefinedFields": [ { "Comparison": "string", "Key": "string", "Value": "string" } ], "VerificationState": [ { "Comparison": "string", "Value": "string" } ], "WorkflowState": [ { "Comparison": "string", "Value": "string" } ], "WorkflowStatus": [ { "Comparison": "string", "Value": "string" } ] }, "GroupByAttribute": "string", "Name": "string"}

URI Request ParametersThe request requires the following URI parameters.

InsightArn (p. 150)

The ARN of the insight that you want to update.

Pattern: .*\S.*

Request BodyThe request accepts the following data in JSON format.

Filters (p. 150)

The updated filters that define this insight.

API Version 2018-10-26158

Page 173: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResponse Syntax

Type: AwsSecurityFindingFilters (p. 241) object

Required: NoGroupByAttribute (p. 150)

The updated GroupBy attribute that defines this insight.

Type: String

Pattern: .*\S.*

Required: NoName (p. 150)

The updated name for the insight.

Type: String

Pattern: .*\S.*

Required: No

Response SyntaxHTTP/1.1 200

Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS accountlimits. The error code describes the limit exceeded.

HTTP Status Code: 429

API Version 2018-10-26159

Page 174: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

ResourceNotFoundException

The request was rejected because we can't find the specified resource.

HTTP Status Code: 404

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-26160

Page 175: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceUpdateStandardsControl

UpdateStandardsControlUsed to control whether an individual security standard control is enabled or disabled.

Request SyntaxPATCH /standards/control/StandardsControlArn+ HTTP/1.1Content-type: application/json

{ "ControlStatus": "string", "DisabledReason": "string"}

URI Request ParametersThe request requires the following URI parameters.

StandardsControlArn (p. 161)

The ARN of the security standard control to enable or disable.

Pattern: .*\S.*

Request BodyThe request accepts the following data in JSON format.

ControlStatus (p. 161)

The updated status of the security standard control.

Type: String

Valid Values: ENABLED | DISABLED

Required: NoDisabledReason (p. 161)

A description of the reason why you are disabling a security standard control.

Type: String

Pattern: .*\S.*

Required: No

Response SyntaxHTTP/1.1 200

Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

API Version 2018-10-26161

Page 176: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceErrors

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 314).

InternalException

Internal server error.

HTTP Status Code: 500InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an inputparameter.

HTTP Status Code: 400ResourceNotFoundException

The request was rejected because we can't find the specified resource.

HTTP Status Code: 404

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2018-10-26162

Page 177: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API Reference

Data TypesThe AWS Security Hub API contains several data types that various actions use. This section describeseach data type in detail.

NoteThe order of each element in a data type structure is not guaranteed. Applications should notassume a particular order.

The following data types are supported:

• AccountDetails (p. 166)• ActionTarget (p. 167)• AvailabilityZone (p. 168)• AwsCloudFrontDistributionDetails (p. 169)• AwsCloudFrontDistributionLogging (p. 171)• AwsCloudFrontDistributionOriginItem (p. 172)• AwsCloudFrontDistributionOrigins (p. 173)• AwsCodeBuildProjectDetails (p. 174)• AwsCodeBuildProjectEnvironment (p. 176)• AwsCodeBuildProjectEnvironmentRegistryCredential (p. 178)• AwsCodeBuildProjectSource (p. 179)• AwsCodeBuildProjectVpcConfig (p. 181)• AwsEc2InstanceDetails (p. 182)• AwsEc2NetworkInterfaceAttachment (p. 184)• AwsEc2NetworkInterfaceDetails (p. 186)• AwsEc2NetworkInterfaceSecurityGroup (p. 187)• AwsEc2SecurityGroupDetails (p. 188)• AwsEc2SecurityGroupIpPermission (p. 190)• AwsEc2SecurityGroupIpRange (p. 192)• AwsEc2SecurityGroupIpv6Range (p. 193)• AwsEc2SecurityGroupPrefixListId (p. 194)• AwsEc2SecurityGroupUserIdGroupPair (p. 195)• AwsElasticsearchDomainDetails (p. 197)• AwsElasticsearchDomainDomainEndpointOptions (p. 199)• AwsElasticsearchDomainEncryptionAtRestOptions (p. 200)• AwsElasticsearchDomainNodeToNodeEncryptionOptions (p. 201)• AwsElasticsearchDomainVPCOptions (p. 202)• AwsElbv2LoadBalancerDetails (p. 203)• AwsIamAccessKeyDetails (p. 205)• AwsIamRoleDetails (p. 207)• AwsKmsKeyDetails (p. 209)• AwsLambdaFunctionCode (p. 211)• AwsLambdaFunctionDeadLetterConfig (p. 212)• AwsLambdaFunctionDetails (p. 213)• AwsLambdaFunctionEnvironment (p. 216)

API Version 2018-10-26163

Page 178: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API Reference

• AwsLambdaFunctionEnvironmentError (p. 217)• AwsLambdaFunctionLayer (p. 218)• AwsLambdaFunctionTracingConfig (p. 219)• AwsLambdaFunctionVpcConfig (p. 220)• AwsLambdaLayerVersionDetails (p. 221)• AwsRdsDbInstanceAssociatedRole (p. 222)• AwsRdsDbInstanceDetails (p. 223)• AwsRdsDbInstanceEndpoint (p. 227)• AwsRdsDbInstanceVpcSecurityGroup (p. 228)• AwsS3BucketDetails (p. 229)• AwsS3BucketServerSideEncryptionByDefault (p. 230)• AwsS3BucketServerSideEncryptionConfiguration (p. 231)• AwsS3BucketServerSideEncryptionRule (p. 232)• AwsS3ObjectDetails (p. 233)• AwsSecurityFinding (p. 235)• AwsSecurityFindingFilters (p. 241)• AwsSecurityFindingIdentifier (p. 252)• AwsSnsTopicDetails (p. 253)• AwsSnsTopicSubscription (p. 254)• AwsSqsQueueDetails (p. 255)• AwsWafWebAclDetails (p. 256)• AwsWafWebAclRule (p. 257)• BatchUpdateFindingsUnprocessedFinding (p. 259)• Compliance (p. 260)• ContainerDetails (p. 261)• DateFilter (p. 262)• DateRange (p. 263)• ImportFindingsError (p. 264)• Insight (p. 265)• InsightResults (p. 266)• InsightResultValue (p. 267)• Invitation (p. 268)• IpFilter (p. 269)• KeywordFilter (p. 270)• LoadBalancerState (p. 271)• Malware (p. 272)• MapFilter (p. 273)• Member (p. 274)• Network (p. 276)• Note (p. 278)• NoteUpdate (p. 279)• NumberFilter (p. 280)• ProcessDetails (p. 281)• Product (p. 283)• Recommendation (p. 285)• RelatedFinding (p. 286)

API Version 2018-10-26164

Page 179: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API Reference

• Remediation (p. 287)• Resource (p. 288)• ResourceDetails (p. 290)• Result (p. 294)• Severity (p. 295)• SeverityUpdate (p. 296)• SortCriterion (p. 298)• Standard (p. 299)• StandardsControl (p. 300)• StandardsSubscription (p. 302)• StandardsSubscriptionRequest (p. 303)• StringFilter (p. 304)• ThreatIntelIndicator (p. 305)• WafAction (p. 307)• WafExcludedRule (p. 308)• WafOverrideAction (p. 309)• Workflow (p. 310)• WorkflowUpdate (p. 311)

API Version 2018-10-26165

Page 180: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAccountDetails

AccountDetailsThe details of an AWS account.

ContentsAccountId

The ID of an AWS account.

Type: String

Required: NoEmail

The email of an AWS account.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26166

Page 181: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceActionTarget

ActionTargetAn ActionTarget object.

ContentsActionTargetArn

The ARN for the target action.

Type: String

Pattern: .*\S.*

Required: YesDescription

The description of the target action.

Type: String

Pattern: .*\S.*

Required: YesName

The name of the action target.

Type: String

Pattern: .*\S.*

Required: Yes

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26167

Page 182: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAvailabilityZone

AvailabilityZoneInformation about an Availability Zone.

ContentsSubnetId

The ID of the subnet. You can specify one subnet per Availability Zone.

Type: String

Pattern: .*\S.*

Required: NoZoneName

The name of the Availability Zone.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26168

Page 183: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsCloudFrontDistributionDetails

AwsCloudFrontDistributionDetailsA distribution configuration.

ContentsDomainName

The domain name corresponding to the distribution.

Type: String

Pattern: .*\S.*

Required: NoETag

The entity tag is a hash of the object.

Type: String

Pattern: .*\S.*

Required: NoLastModifiedTime

The date and time that the distribution was last modified.

Type: String

Pattern: .*\S.*

Required: NoLogging

A complex type that controls whether access logs are written for the distribution.

Type: AwsCloudFrontDistributionLogging (p. 171) object

Required: NoOrigins

A complex type that contains information about origins for this distribution.

Type: AwsCloudFrontDistributionOrigins (p. 173) object

Required: NoStatus

Indicates the current status of the distribution.

Type: String

Pattern: .*\S.*

Required: NoWebAclId

A unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution.

API Version 2018-10-26169

Page 184: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26170

Page 185: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsCloudFrontDistributionLogging

AwsCloudFrontDistributionLoggingA complex type that controls whether access logs are written for the distribution.

ContentsBucket

The Amazon S3 bucket to store the access logs in.

Type: String

Pattern: .*\S.*

Required: NoEnabled

With this field, you can enable or disable the selected distribution.

Type: Boolean

Required: NoIncludeCookies

Specifies whether you want CloudFront to include cookies in access logs.

Type: Boolean

Required: NoPrefix

An optional string that you want CloudFront to use as a prefix to the access log filenames for thisdistribution.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26171

Page 186: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsCloudFrontDistributionOriginItem

AwsCloudFrontDistributionOriginItemA complex type that describes the Amazon S3 bucket, HTTP server (for example, a web server), AmazonMediaStore, or other server from which CloudFront gets your files.

ContentsDomainName

Amazon S3 origins: The DNS name of the Amazon S3 bucket from which you want CloudFront to getobjects for this origin.

Type: String

Pattern: .*\S.*

Required: NoId

A unique identifier for the origin or origin group.

Type: String

Pattern: .*\S.*

Required: NoOriginPath

An optional element that causes CloudFront to request your content from a directory in yourAmazon S3 bucket or your custom origin.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26172

Page 187: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsCloudFrontDistributionOrigins

AwsCloudFrontDistributionOriginsA complex type that contains information about origins and origin groups for this distribution.

ContentsItems

A complex type that contains origins or origin groups for this distribution.

Type: Array of AwsCloudFrontDistributionOriginItem (p. 172) objects

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26173

Page 188: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsCodeBuildProjectDetails

AwsCodeBuildProjectDetailsInformation about an AWS CodeBuild project.

ContentsEncryptionKey

The AWS Key Management Service (AWS KMS) customer master key (CMK) used to encrypt the buildoutput artifacts.

You can specify either the Amazon Resource Name (ARN) of the CMK or, if available, the CMK alias(using the format alias/alias-name).

Type: String

Pattern: .*\S.*

Required: NoEnvironment

Information about the build environment for this build project.

Type: AwsCodeBuildProjectEnvironment (p. 176) object

Required: NoName

The name of the build project.

Type: String

Pattern: .*\S.*

Required: NoServiceRole

The ARN of the IAM role that enables AWS CodeBuild to interact with dependent AWS services onbehalf of the AWS account.

Type: String

Pattern: .*\S.*

Required: NoSource

Information about the build input source code for this build project.

Type: AwsCodeBuildProjectSource (p. 179) object

Required: NoVpcConfig

Information about the VPC configuration that AWS CodeBuild accesses.

Type: AwsCodeBuildProjectVpcConfig (p. 181) object

API Version 2018-10-26174

Page 189: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26175

Page 190: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsCodeBuildProjectEnvironment

AwsCodeBuildProjectEnvironmentInformation about the build environment for this build project.

ContentsCertificate

The certificate to use with this build project.

Type: String

Pattern: .*\S.*

Required: NoImagePullCredentialsType

The type of credentials AWS CodeBuild uses to pull images in your build.

Valid values:• CODEBUILD specifies that AWS CodeBuild uses its own credentials. This requires that you modify

your ECR repository policy to trust the AWS CodeBuild service principal.• SERVICE_ROLE specifies that AWS CodeBuild uses your build project's service role.

When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials.When you use an AWS CodeBuild curated image, you must use CODEBUILD credentials.

Type: String

Pattern: .*\S.*

Required: NoRegistryCredential

The credentials for access to a private registry.

Type: AwsCodeBuildProjectEnvironmentRegistryCredential (p. 178) object

Required: NoType

The type of build environment to use for related builds.

The environment type ARM_CONTAINER is available only in regions US East (N. Virginia), US East(Ohio), US West (Oregon), Europe (Ireland), Asia Pacific (Mumbai), Asia Pacific (Tokyo), Asia Pacific(Sydney), and Europe (Frankfurt).

The environment type LINUX_CONTAINER with compute type build.general1.2xlarge is availableonly in regions US East (N. Virginia), US East (N. Virginia), US West (Oregon), Canada (Central),Europe (Ireland), Europe (London), Europe (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Seoul), AsiaPacific (Singapore), Asia Pacific (Sydney), China (Beijing), and China (Ningxia).

The environment type LINUX_GPU_CONTAINER is available only in regions US East (N. Virginia), USEast (N. Virginia), US West (Oregon), Canada (Central), Europe (Ireland), Europe (London), Europe(Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney) ,China (Beijing), and China (Ningxia).

API Version 2018-10-26176

Page 191: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

Valid values: WINDOWS_CONTAINER | LINUX_CONTAINER | LINUX_GPU_CONTAINER |ARM_CONTAINER

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26177

Page 192: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsCodeBuildProjectEnvironmentRegistryCredential

AwsCodeBuildProjectEnvironmentRegistryCredentialThe credentials for access to a private registry.

ContentsCredential

The Amazon Resource Name (ARN) or name of credentials created using AWS Secrets Manager.

NoteThe credential can use the name of the credentials only if they exist in your current AWSRegion.

Type: String

Pattern: .*\S.*

Required: NoCredentialProvider

The service that created the credentials to access a private Docker registry.

The valid value, SECRETS_MANAGER, is for AWS Secrets Manager.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26178

Page 193: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsCodeBuildProjectSource

AwsCodeBuildProjectSourceInformation about the build input source code for this build project.

ContentsGitCloneDepth

Information about the Git clone depth for the build project.

Type: Integer

Required: NoInsecureSsl

Whether to ignore SSL warnings while connecting to the project source code.

Type: Boolean

Required: NoLocation

Information about the location of the source code to be built.

Valid values include:• For source code settings that are specified in the source action of a pipeline in AWS CodePipeline,

location should not be specified. If it is specified, AWS CodePipeline ignores it. This is because AWSCodePipeline uses the settings in a pipeline's source action instead of this value.

• For source code in an AWS CodeCommit repository, the HTTPS clone URL to the repositorythat contains the source code and the buildspec file (for example, https://git-codecommit.region-ID.amazonaws.com/v1/repos/repo-name ).

• For source code in an S3 input bucket, one of the following.• The path to the ZIP file that contains the source code (for example, bucket-name/path/to/object-name.zip).

• The path to the folder that contains the source code (for example, bucket-name/path/to/source-code/folder/).

• For source code in a GitHub repository, the HTTPS clone URL to the repository that contains thesource and the buildspec file.

• For source code in a Bitbucket repository, the HTTPS clone URL to the repository that contains thesource and the buildspec file.

Type: String

Pattern: .*\S.*

Required: NoType

The type of repository that contains the source code to be built. Valid values are:• BITBUCKET - The source code is in a Bitbucket repository.• CODECOMMIT - The source code is in an AWS CodeCommit repository.• CODEPIPELINE - The source code settings are specified in the source action of a pipeline in AWS

CodePipeline.• GITHUB - The source code is in a GitHub repository.

API Version 2018-10-26179

Page 194: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

• GITHUB_ENTERPRISE - The source code is in a GitHub Enterprise repository.• NO_SOURCE - The project does not have input source code.• S3 - The source code is in an S3 input bucket.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26180

Page 195: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsCodeBuildProjectVpcConfig

AwsCodeBuildProjectVpcConfigInformation about the VPC configuration that AWS CodeBuild accesses.

ContentsSecurityGroupIds

A list of one or more security group IDs in your Amazon VPC.

Type: Array of strings

Pattern: .*\S.*

Required: NoSubnets

A list of one or more subnet IDs in your Amazon VPC.

Type: Array of strings

Pattern: .*\S.*

Required: NoVpcId

The ID of the VPC.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26181

Page 196: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsEc2InstanceDetails

AwsEc2InstanceDetailsThe details of an Amazon EC2 instance.

ContentsIamInstanceProfileArn

The IAM profile ARN of the instance.

Type: String

Pattern: .*\S.*

Required: NoImageId

The Amazon Machine Image (AMI) ID of the instance.

Type: String

Pattern: .*\S.*

Required: NoIpV4Addresses

The IPv4 addresses associated with the instance.

Type: Array of strings

Pattern: .*\S.*

Required: NoIpV6Addresses

The IPv6 addresses associated with the instance.

Type: Array of strings

Pattern: .*\S.*

Required: NoKeyName

The key name associated with the instance.

Type: String

Pattern: .*\S.*

Required: NoLaunchedAt

The date/time the instance was launched.

Type: String

Pattern: .*\S.*

API Version 2018-10-26182

Page 197: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

Required: NoSubnetId

The identifier of the subnet that the instance was launched in.

Type: String

Pattern: .*\S.*

Required: NoType

The instance type of the instance.

Type: String

Pattern: .*\S.*

Required: NoVpcId

The identifier of the VPC that the instance was launched in.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26183

Page 198: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsEc2NetworkInterfaceAttachment

AwsEc2NetworkInterfaceAttachmentInformation about the network interface attachment.

ContentsAttachmentId

The identifier of the network interface attachment

Type: String

Pattern: .*\S.*

Required: NoAttachTime

The timestamp indicating when the attachment initiated.

Type: String

Pattern: .*\S.*

Required: NoDeleteOnTermination

Indicates whether the network interface is deleted when the instance is terminated.

Type: Boolean

Required: NoDeviceIndex

The device index of the network interface attachment on the instance.

Type: Integer

Required: NoInstanceId

The ID of the instance.

Type: String

Pattern: .*\S.*

Required: NoInstanceOwnerId

The AWS account ID of the owner of the instance.

Type: String

Pattern: .*\S.*

Required: NoStatus

The attachment state.

API Version 2018-10-26184

Page 199: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

Valid values: attaching | attached | detaching | detached

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26185

Page 200: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsEc2NetworkInterfaceDetails

AwsEc2NetworkInterfaceDetailsDetails about the network interface

ContentsAttachment

The network interface attachment.

Type: AwsEc2NetworkInterfaceAttachment (p. 184) object

Required: NoNetworkInterfaceId

The ID of the network interface.

Type: String

Pattern: .*\S.*

Required: NoSecurityGroups

Security groups for the network interface.

Type: Array of AwsEc2NetworkInterfaceSecurityGroup (p. 187) objects

Required: NoSourceDestCheck

Indicates whether traffic to or from the instance is validated.

Type: Boolean

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26186

Page 201: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsEc2NetworkInterfaceSecurityGroup

AwsEc2NetworkInterfaceSecurityGroupA security group associated with the network interface.

ContentsGroupId

The ID of the security group.

Type: String

Pattern: .*\S.*

Required: NoGroupName

The name of the security group.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26187

Page 202: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsEc2SecurityGroupDetails

AwsEc2SecurityGroupDetailsDetails about an EC2 security group.

ContentsGroupId

The ID of the security group.

Type: String

Pattern: .*\S.*

Required: No

GroupName

The name of the security group.

Type: String

Pattern: .*\S.*

Required: No

IpPermissions

The inbound rules associated with the security group.

Type: Array of AwsEc2SecurityGroupIpPermission (p. 190) objects

Required: No

IpPermissionsEgress

[VPC only] The outbound rules associated with the security group.

Type: Array of AwsEc2SecurityGroupIpPermission (p. 190) objects

Required: No

OwnerId

The AWS account ID of the owner of the security group.

Type: String

Pattern: .*\S.*

Required: No

VpcId

[VPC only] The ID of the VPC for the security group.

Type: String

Pattern: .*\S.*

Required: No

API Version 2018-10-26188

Page 203: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26189

Page 204: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsEc2SecurityGroupIpPermission

AwsEc2SecurityGroupIpPermissionAn IP permission for an EC2 security group.

ContentsFromPort

The start of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number.

A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you mustspecify all codes.

Type: Integer

Required: NoIpProtocol

The IP protocol name (tcp, udp, icmp, icmpv6) or number.

[VPC only] Use -1 to specify all protocols.

When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp,icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify.

For tcp, udp, and icmp, you must specify a port range.

For icmpv6, the port range is optional. If you omit the port range, traffic for all types and codes isallowed.

Type: String

Pattern: .*\S.*

Required: NoIpRanges

The IPv4 ranges.

Type: Array of AwsEc2SecurityGroupIpRange (p. 192) objects

Required: NoIpv6Ranges

The IPv6 ranges.

Type: Array of AwsEc2SecurityGroupIpv6Range (p. 193) objects

Required: NoPrefixListIds

[VPC only] The prefix list IDs for an AWS service. With outbound rules, this is the AWS service toaccess through a VPC endpoint from instances associated with the security group.

Type: Array of AwsEc2SecurityGroupPrefixListId (p. 194) objects

Required: No

API Version 2018-10-26190

Page 205: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

ToPort

The end of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code.

A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you mustspecify all codes.

Type: Integer

Required: NoUserIdGroupPairs

The security group and AWS account ID pairs.

Type: Array of AwsEc2SecurityGroupUserIdGroupPair (p. 195) objects

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26191

Page 206: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsEc2SecurityGroupIpRange

AwsEc2SecurityGroupIpRangeA range of IPv4 addresses.

ContentsCidrIp

The IPv4 CIDR range. You can either specify either a CIDR range or a source security group, but notboth. To specify a single IPv4 address, use the /32 prefix length.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26192

Page 207: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsEc2SecurityGroupIpv6Range

AwsEc2SecurityGroupIpv6RangeA range of IPv6 addresses.

ContentsCidrIpv6

The IPv6 CIDR range. You can either specify either a CIDR range or a source security group, but notboth. To specify a single IPv6 address, use the /128 prefix length.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26193

Page 208: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsEc2SecurityGroupPrefixListId

AwsEc2SecurityGroupPrefixListIdA prefix list ID.

ContentsPrefixListId

The ID of the prefix.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26194

Page 209: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsEc2SecurityGroupUserIdGroupPair

AwsEc2SecurityGroupUserIdGroupPairA relationship between a security group and a user.

ContentsGroupId

The ID of the security group.

Type: String

Pattern: .*\S.*

Required: NoGroupName

The name of the security group.

Type: String

Pattern: .*\S.*

Required: NoPeeringStatus

The status of a VPC peering connection, if applicable.

Type: String

Pattern: .*\S.*

Required: NoUserId

The ID of an AWS account.

For a referenced security group in another VPC, the account ID of the referenced security group isreturned in the response. If the referenced security group is deleted, this value is not returned.

[EC2-Classic] Required when adding or removing rules that reference a security group in anotherAWS.

Type: String

Pattern: .*\S.*

Required: NoVpcId

The ID of the VPC for the referenced security group, if applicable.

Type: String

Pattern: .*\S.*

Required: No

API Version 2018-10-26195

Page 210: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

VpcPeeringConnectionId

The ID of the VPC peering connection, if applicable.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26196

Page 211: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsElasticsearchDomainDetails

AwsElasticsearchDomainDetailsInformation about an Elasticsearch domain.

ContentsAccessPolicies

IAM policy document specifying the access policies for the new Amazon ES domain.

Type: String

Pattern: .*\S.*

Required: NoDomainEndpointOptions

Additional options for the domain endpoint.

Type: AwsElasticsearchDomainDomainEndpointOptions (p. 199) object

Required: NoDomainId

Unique identifier for an Amazon ES domain.

Type: String

Pattern: .*\S.*

Required: NoDomainName

Name of an Amazon ES domain.

Domain names are unique across all domains owned by the same account within an AWS Region.

Domain names must start with a lowercase letter and must be between 3 and 28 characters.

Valid characters are a-z (lowercase only), 0-9, and – (hyphen).

Type: String

Pattern: .*\S.*

Required: NoElasticsearchVersion

Elasticsearch version.

Type: String

Pattern: .*\S.*

Required: NoEncryptionAtRestOptions

Details about the configuration for encryption at rest.

API Version 2018-10-26197

Page 212: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

Type: AwsElasticsearchDomainEncryptionAtRestOptions (p. 200) object

Required: NoEndpoint

Domain-specific endpoint used to submit index, search, and data upload requests to an Amazon ESdomain.

The endpoint is a service URL.

Type: String

Pattern: .*\S.*

Required: NoEndpoints

The key-value pair that exists if the Amazon ES domain uses VPC endpoints.

Type: String to string map

Key Pattern: .*\S.*

Value Pattern: .*\S.*

Required: NoNodeToNodeEncryptionOptions

Details about the configuration for node-to-node encryption.

Type: AwsElasticsearchDomainNodeToNodeEncryptionOptions (p. 201) object

Required: NoVPCOptions

Information that Amazon ES derives based on VPCOptions for the domain.

Type: AwsElasticsearchDomainVPCOptions (p. 202) object

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26198

Page 213: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsElasticsearchDomainDomainEndpointOptions

AwsElasticsearchDomainDomainEndpointOptionsAdditional options for the domain endpoint, such as whether to require HTTPS for all traffic.

ContentsEnforceHTTPS

Whether to require that all traffic to the domain arrive over HTTPS.

Type: Boolean

Required: NoTLSSecurityPolicy

The TLS security policy to apply to the HTTPS endpoint of the Elasticsearch domain.

Valid values:• Policy-Min-TLS-1-0-2019-07, which supports TLSv1.0 and higher• Policy-Min-TLS-1-2-2019-07, which only supports TLSv1.2

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26199

Page 214: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsElasticsearchDomainEncryptionAtRestOptions

AwsElasticsearchDomainEncryptionAtRestOptionsDetails about the configuration for encryption at rest.

ContentsEnabled

Whether encryption at rest is enabled.

Type: Boolean

Required: NoKmsKeyId

The KMS key ID. Takes the form 1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26200

Page 215: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsElasticsearchDomainNodeToNodeEncryptionOptions

AwsElasticsearchDomainNodeToNodeEncryptionOptionsDetails about the configuration for node-to-node encryption.

ContentsEnabled

Whether node-to-node encryption is enabled.

Type: Boolean

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26201

Page 216: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsElasticsearchDomainVPCOptions

AwsElasticsearchDomainVPCOptionsInformation that Amazon ES derives based on VPCOptions for the domain.

ContentsAvailabilityZones

The list of Availability Zones associated with the VPC subnets.

Type: Array of strings

Pattern: .*\S.*

Required: NoSecurityGroupIds

The list of security group IDs associated with the VPC endpoints for the domain.

Type: Array of strings

Pattern: .*\S.*

Required: NoSubnetIds

A list of subnet IDs associated with the VPC endpoints for the domain.

Type: Array of strings

Pattern: .*\S.*

Required: NoVPCId

ID for the VPC.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26202

Page 217: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsElbv2LoadBalancerDetails

AwsElbv2LoadBalancerDetailsInformation about a load balancer.

ContentsAvailabilityZones

The Availability Zones for the load balancer.

Type: Array of AvailabilityZone (p. 168) objects

Required: NoCanonicalHostedZoneId

The ID of the Amazon Route 53 hosted zone associated with the load balancer.

Type: String

Pattern: .*\S.*

Required: NoCreatedTime

The date and time the load balancer was created.

Type: String

Pattern: .*\S.*

Required: NoDNSName

The public DNS name of the load balancer.

Type: String

Pattern: .*\S.*

Required: NoIpAddressType

The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4(for IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses).

Type: String

Pattern: .*\S.*

Required: NoScheme

The nodes of an Internet-facing load balancer have public IP addresses.

Type: String

Pattern: .*\S.*

Required: No

API Version 2018-10-26203

Page 218: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

SecurityGroups

The IDs of the security groups for the load balancer.

Type: Array of strings

Pattern: .*\S.*

Required: NoState

The state of the load balancer.

Type: LoadBalancerState (p. 271) object

Required: NoType

The type of load balancer.

Type: String

Pattern: .*\S.*

Required: NoVpcId

The ID of the VPC for the load balancer.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26204

Page 219: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsIamAccessKeyDetails

AwsIamAccessKeyDetailsIAM access key details related to a finding.

ContentsCreatedAt

The creation date/time of the IAM access key related to a finding.

Type: String

Pattern: .*\S.*

Required: NoPrincipalId

The ID of the principal associated with an access key.

Type: String

Pattern: .*\S.*

Required: NoPrincipalName

The name of the principal.

Type: String

Pattern: .*\S.*

Required: NoPrincipalType

The type of principal associated with an access key.

Type: String

Pattern: .*\S.*

Required: NoStatus

The status of the IAM access key related to a finding.

Type: String

Valid Values: Active | Inactive

Required: NoUserName

This member has been deprecated.

The user associated with the IAM access key related to a finding.

The UserName parameter has been replaced with the PrincipalName parameter because accesskeys can also be assigned to principals that are not IAM users.

API Version 2018-10-26205

Page 220: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26206

Page 221: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsIamRoleDetails

AwsIamRoleDetailsContains information about an IAM role, including all of the role's policies.

ContentsAssumeRolePolicyDocument

The trust policy that grants permission to assume the role.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 131072.

Pattern: [\u0009\u000A\u000D\u0020-\u007E\u00A1-\u00FF]+

Required: NoCreateDate

The date and time, in ISO 8601 date-time format, when the role was created.

Type: String

Pattern: .*\S.*

Required: NoMaxSessionDuration

The maximum session duration (in seconds) that you want to set for the specified role.

Type: Integer

Required: NoPath

The path to the role.

Type: String

Pattern: .*\S.*

Required: NoRoleId

The stable and unique string identifying the role.

Type: String

Pattern: .*\S.*

Required: NoRoleName

The friendly name that identifies the role.

Type: String

Pattern: .*\S.*

API Version 2018-10-26207

Page 222: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26208

Page 223: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsKmsKeyDetails

AwsKmsKeyDetailsContains metadata about a customer master key (CMK).

ContentsAWSAccountId

The twelve-digit account ID of the AWS account that owns the CMK.

Type: String

Pattern: .*\S.*

Required: NoCreationDate

The date and time when the CMK was created.

Type: Double

Required: NoKeyId

The globally unique identifier for the CMK.

Type: String

Pattern: .*\S.*

Required: NoKeyManager

The manager of the CMK. CMKs in your AWS account are either customer managed or AWSmanaged.

Type: String

Pattern: .*\S.*

Required: NoKeyState

The state of the CMK.

Type: String

Pattern: .*\S.*

Required: NoOrigin

The source of the CMK's key material.

When this value is AWS_KMS, AWS KMS created the key material.

When this value is EXTERNAL, the key material was imported from your existing key managementinfrastructure or the CMK lacks key material.

API Version 2018-10-26209

Page 224: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

When this value is AWS_CLOUDHSM, the key material was created in the AWS CloudHSM clusterassociated with a custom key store.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26210

Page 225: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsLambdaFunctionCode

AwsLambdaFunctionCodeThe code for the Lambda function. You can specify either an object in Amazon S3, or upload adeployment package directly.

ContentsS3Bucket

An Amazon S3 bucket in the same AWS Region as your function. The bucket can be in a differentAWS account.

Type: String

Pattern: .*\S.*

Required: NoS3Key

The Amazon S3 key of the deployment package.

Type: String

Pattern: .*\S.*

Required: NoS3ObjectVersion

For versioned objects, the version of the deployment package object to use.

Type: String

Pattern: .*\S.*

Required: NoZipFile

The base64-encoded contents of the deployment package. AWS SDK and AWS CLI clients handle theencoding for you.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26211

Page 226: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsLambdaFunctionDeadLetterConfig

AwsLambdaFunctionDeadLetterConfigThe dead-letter queue for failed asynchronous invocations.

ContentsTargetArn

The Amazon Resource Name (ARN) of an Amazon SQS queue or Amazon SNS topic.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26212

Page 227: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsLambdaFunctionDetails

AwsLambdaFunctionDetailsDetails about a function's configuration.

ContentsCode

An AwsLambdaFunctionCode object.

Type: AwsLambdaFunctionCode (p. 211) object

Required: NoCodeSha256

The SHA256 hash of the function's deployment package.

Type: String

Pattern: .*\S.*

Required: NoDeadLetterConfig

The function's dead letter queue.

Type: AwsLambdaFunctionDeadLetterConfig (p. 212) object

Required: NoEnvironment

The function's environment variables.

Type: AwsLambdaFunctionEnvironment (p. 216) object

Required: NoFunctionName

The name of the function.

Type: String

Pattern: .*\S.*

Required: NoHandler

The function that Lambda calls to begin executing your function.

Type: String

Pattern: .*\S.*

Required: NoKmsKeyArn

The KMS key that's used to encrypt the function's environment variables. This key is only returned ifyou've configured a customer managed CMK.

API Version 2018-10-26213

Page 228: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceContents

Type: String

Pattern: .*\S.*

Required: NoLastModified

The date and time that the function was last updated, in ISO-8601 format (YYYY-MM-DDThh:mm:ss.sTZD).

Type: String

Pattern: .*\S.*

Required: NoLayers

The function's layers.

Type: Array of AwsLambdaFunctionLayer (p. 218) objects

Required: NoMasterArn

For Lambda@Edge functions, the ARN of the master function.

Type: String

Pattern: .*\S.*

Required: NoMemorySize

The memory that's allocated to the function.

Type: Integer

Required: NoRevisionId

The latest updated revision of the function or alias.

Type: String

Pattern: .*\S.*

Required: NoRole

The function's execution role.

Type: String

Pattern: .*\S.*

Required: NoRuntime

The runtime environment for the Lambda function.

API Version 2018-10-26214

Page 229: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

Type: String

Pattern: .*\S.*

Required: NoTimeout

The amount of time that Lambda allows a function to run before stopping it.

Type: Integer

Required: NoTracingConfig

The function's AWS X-Ray tracing configuration.

Type: AwsLambdaFunctionTracingConfig (p. 219) object

Required: NoVersion

The version of the Lambda function.

Type: String

Pattern: .*\S.*

Required: NoVpcConfig

The function's networking configuration.

Type: AwsLambdaFunctionVpcConfig (p. 220) object

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26215

Page 230: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsLambdaFunctionEnvironment

AwsLambdaFunctionEnvironmentA function's environment variable settings.

ContentsError

An AwsLambdaFunctionEnvironmentError object.

Type: AwsLambdaFunctionEnvironmentError (p. 217) object

Required: NoVariables

Environment variable key-value pairs.

Type: String to string map

Key Pattern: .*\S.*

Value Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26216

Page 231: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsLambdaFunctionEnvironmentError

AwsLambdaFunctionEnvironmentErrorError messages for environment variables that couldn't be applied.

ContentsErrorCode

The error code.

Type: String

Pattern: .*\S.*

Required: NoMessage

The error message.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26217

Page 232: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsLambdaFunctionLayer

AwsLambdaFunctionLayerAn AWS Lambda layer.

ContentsArn

The Amazon Resource Name (ARN) of the function layer.

Type: String

Pattern: .*\S.*

Required: NoCodeSize

The size of the layer archive in bytes.

Type: Integer

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26218

Page 233: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsLambdaFunctionTracingConfig

AwsLambdaFunctionTracingConfigThe function's AWS X-Ray tracing configuration.

ContentsMode

The tracing mode.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26219

Page 234: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsLambdaFunctionVpcConfig

AwsLambdaFunctionVpcConfigThe VPC security groups and subnets that are attached to a Lambda function. For more information, seeVPC Settings.

ContentsSecurityGroupIds

A list of VPC security groups IDs.

Type: Array of strings

Pattern: .*\S.*

Required: NoSubnetIds

A list of VPC subnet IDs.

Type: Array of strings

Pattern: .*\S.*

Required: NoVpcId

The ID of the VPC.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26220

Page 235: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsLambdaLayerVersionDetails

AwsLambdaLayerVersionDetailsDetails about a Lambda layer version.

ContentsCompatibleRuntimes

The layer's compatible runtimes. Maximum number of 5 items.

Valid values: nodejs10.x | nodejs12.x | java8 | java11 | python2.7 | python3.6 | python3.7| python3.8 | dotnetcore1.0 | dotnetcore2.1 | go1.x | ruby2.5 | provided

Type: Array of strings

Pattern: .*\S.*

Required: NoCreatedDate

The date that the version was created, in ISO 8601 format. For example,2018-11-27T15:10:45.123+0000.

Type: String

Pattern: .*\S.*

Required: NoVersion

The version number.

Type: Long

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26221

Page 236: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsRdsDbInstanceAssociatedRole

AwsRdsDbInstanceAssociatedRoleAn AWS Identity and Access Management (IAM) role associated with the DB instance.

ContentsFeatureName

The name of the feature associated with the IAM)role.

Type: String

Pattern: .*\S.*

Required: NoRoleArn

The Amazon Resource Name (ARN) of the IAM role that is associated with the DB instance.

Type: String

Pattern: .*\S.*

Required: NoStatus

Describes the state of the association between the IAM role and the DB instance. The Statusproperty returns one of the following values:• ACTIVE - the IAM role ARN is associated with the DB instance and can be used to access other

AWS services on your behalf.• PENDING - the IAM role ARN is being associated with the DB instance.• INVALID - the IAM role ARN is associated with the DB instance, but the DB instance is unable to

assume the IAM role in order to access other AWS services on your behalf.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26222

Page 237: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsRdsDbInstanceDetails

AwsRdsDbInstanceDetailsContains the details of an Amazon RDS DB instance.

ContentsAssociatedRoles

The AWS Identity and Access Management (IAM) roles associated with the DB instance.

Type: Array of AwsRdsDbInstanceAssociatedRole (p. 222) objects

Required: NoCACertificateIdentifier

The identifier of the CA certificate for this DB instance.

Type: String

Pattern: .*\S.*

Required: NoDBClusterIdentifier

If the DB instance is a member of a DB cluster, contains the name of the DB cluster that the DBinstance is a member of.

Type: String

Pattern: .*\S.*

Required: NoDBInstanceClass

Contains the name of the compute and memory capacity class of the DB instance.

Type: String

Pattern: .*\S.*

Required: NoDBInstanceIdentifier

Contains a user-supplied database identifier. This identifier is the unique key that identifies a DBinstance.

Type: String

Pattern: .*\S.*

Required: NoDbInstancePort

Specifies the port that the DB instance listens on. If the DB instance is part of a DB cluster, this canbe a different port than the DB cluster port.

Type: Integer

API Version 2018-10-26223

Page 238: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceContents

Required: NoDbiResourceId

The AWS Region-unique, immutable identifier for the DB instance. This identifier is found in AWSCloudTrail log entries whenever the AWS KMS key for the DB instance is accessed.

Type: String

Pattern: .*\S.*

Required: NoDBName

The meaning of this parameter differs according to the database engine you use.

MySQL, MariaDB, SQL Server, PostgreSQL

Contains the name of the initial database of this instance that was provided at create time, if onewas specified when the DB instance was created. This same name is returned for the life of the DBinstance.

Oracle

Contains the Oracle System ID (SID) of the created DB instance. Not shown when the returnedparameters do not apply to an Oracle DB instance.

Type: String

Pattern: .*\S.*

Required: NoDeletionProtection

Indicates whether the DB instance has deletion protection enabled.

When deletion protection is enabled, the database cannot be deleted.

Type: Boolean

Required: NoEndpoint

Specifies the connection endpoint.

Type: AwsRdsDbInstanceEndpoint (p. 227) object

Required: NoEngine

Provides the name of the database engine to use for this DB instance.

Type: String

Pattern: .*\S.*

Required: NoEngineVersion

Indicates the database engine version.

API Version 2018-10-26224

Page 239: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceContents

Type: String

Pattern: .*\S.*

Required: NoIAMDatabaseAuthenticationEnabled

True if mapping of AWS Identity and Access Management (IAM) accounts to database accounts isenabled, and otherwise false.

IAM database authentication can be enabled for the following database engines.• For MySQL 5.6, minor version 5.6.34 or higher• For MySQL 5.7, minor version 5.7.16 or higher• Aurora 5.6 or higher

Type: Boolean

Required: NoInstanceCreateTime

Provides the date and time the DB instance was created.

Type: String

Pattern: .*\S.*

Required: NoKmsKeyId

If StorageEncrypted is true, the AWS KMS key identifier for the encrypted DB instance.

Type: String

Pattern: .*\S.*

Required: NoPubliclyAccessible

Specifies the accessibility options for the DB instance.

A value of true specifies an Internet-facing instance with a publicly resolvable DNS name, whichresolves to a public IP address.

A value of false specifies an internal instance with a DNS name that resolves to a private IP address.

Type: Boolean

Required: NoStorageEncrypted

Specifies whether the DB instance is encrypted.

Type: Boolean

Required: NoTdeCredentialArn

The ARN from the key store with which the instance is associated for TDE encryption.

API Version 2018-10-26225

Page 240: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

Type: String

Pattern: .*\S.*

Required: NoVpcSecurityGroups

A list of VPC security groups that the DB instance belongs to.

Type: Array of AwsRdsDbInstanceVpcSecurityGroup (p. 228) objects

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26226

Page 241: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsRdsDbInstanceEndpoint

AwsRdsDbInstanceEndpointSpecifies the connection endpoint.

ContentsAddress

Specifies the DNS address of the DB instance.

Type: String

Pattern: .*\S.*

Required: NoHostedZoneId

Specifies the ID that Amazon Route 53 assigns when you create a hosted zone.

Type: String

Pattern: .*\S.*

Required: NoPort

Specifies the port that the database engine is listening on.

Type: Integer

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26227

Page 242: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsRdsDbInstanceVpcSecurityGroup

AwsRdsDbInstanceVpcSecurityGroupA VPC security groups that the DB instance belongs to.

ContentsStatus

The status of the VPC security group.

Type: String

Pattern: .*\S.*

Required: NoVpcSecurityGroupId

The name of the VPC security group.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26228

Page 243: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsS3BucketDetails

AwsS3BucketDetailsThe details of an Amazon S3 bucket.

ContentsCreatedAt

The date and time when the S3 bucket was created.

Type: String

Pattern: .*\S.*

Required: NoOwnerId

The canonical user ID of the owner of the S3 bucket.

Type: String

Pattern: .*\S.*

Required: NoOwnerName

The display name of the owner of the S3 bucket.

Type: String

Pattern: .*\S.*

Required: NoServerSideEncryptionConfiguration

The encryption rules that are applied to the S3 bucket.

Type: AwsS3BucketServerSideEncryptionConfiguration (p. 231) object

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26229

Page 244: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsS3BucketServerSideEncryptionByDefault

AwsS3BucketServerSideEncryptionByDefaultSpecifies the default server-side encryption to apply to new objects in the bucket.

ContentsKMSMasterKeyID

AWS KMS customer master key (CMK) ID to use for the default encryption.

Type: String

Pattern: .*\S.*

Required: NoSSEAlgorithm

Server-side encryption algorithm to use for the default encryption.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26230

Page 245: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsS3BucketServerSideEncryptionConfiguration

AwsS3BucketServerSideEncryptionConfigurationThe encryption configuration for the S3 bucket.

ContentsRules

The encryption rules that are applied to the S3 bucket.

Type: Array of AwsS3BucketServerSideEncryptionRule (p. 232) objects

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26231

Page 246: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsS3BucketServerSideEncryptionRule

AwsS3BucketServerSideEncryptionRuleAn encryption rule to apply to the S3 bucket.

ContentsApplyServerSideEncryptionByDefault

Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Objectrequest doesn't specify any server-side encryption, this default encryption is applied.

Type: AwsS3BucketServerSideEncryptionByDefault (p. 230) object

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26232

Page 247: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsS3ObjectDetails

AwsS3ObjectDetailsDetails about an AWS S3 object.

ContentsContentType

A standard MIME type describing the format of the object data.

Type: String

Pattern: .*\S.*

Required: NoETag

The opaque identifier assigned by a web server to a specific version of a resource found at a URL.

Type: String

Pattern: .*\S.*

Required: NoLastModified

The date and time when the object was last modified.

Type: String

Pattern: .*\S.*

Required: NoServerSideEncryption

If the object is stored using server-side encryption, the value of the server-side encryption algorithmused when storing this object in Amazon S3.

Type: String

Pattern: .*\S.*

Required: NoSSEKMSKeyId

The identifier of the AWS Key Management Service (AWS KMS) symmetric customer managedcustomer master key (CMK) that was used for the object.

Type: String

Pattern: .*\S.*

Required: NoVersionId

The version of the object.

Type: String

API Version 2018-10-26233

Page 248: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26234

Page 249: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsSecurityFinding

AwsSecurityFindingProvides consistent format for the contents of the Security Hub-aggregated findings.AwsSecurityFinding format enables you to share findings between AWS security services and third-party solutions, and security standards checks.

NoteA finding is a potential security issue generated either by AWS services (Amazon GuardDuty,Amazon Inspector, and Amazon Macie) or by the integrated third-party solutions and standardschecks.

ContentsAwsAccountId

The AWS account ID that a finding is generated in.

Type: String

Pattern: .*\S.*

Required: YesCompliance

This data type is exclusive to findings that are generated as the result of a check run against aspecific rule in a supported security standard, such as CIS AWS Foundations. Contains securitystandard-related finding details.

Type: Compliance (p. 260) object

Required: NoConfidence

A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies thebehavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidenceand 100 means 100 percent confidence.

Type: Integer

Required: NoCreatedAt

An ISO8601-formatted timestamp that indicates when the security-findings provider created thepotential security issue that a finding captured.

Type: String

Pattern: .*\S.*

Required: YesCriticality

The level of importance assigned to the resources associated with the finding.

A score of 0 means that the underlying resources have no criticality, and a score of 100 is reservedfor the most critical resources.

API Version 2018-10-26235

Page 250: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceContents

Type: Integer

Required: NoDescription

A finding's description.

NoteIn this release, Description is a required property.

Type: String

Pattern: .*\S.*

Required: YesFirstObservedAt

An ISO8601-formatted timestamp that indicates when the security-findings provider first observedthe potential security issue that a finding captured.

Type: String

Pattern: .*\S.*

Required: NoGeneratorId

The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.In various security-findings providers' solutions, this generator can be called a rule, a check, adetector, a plug-in, etc.

Type: String

Pattern: .*\S.*

Required: YesId

The security findings provider-specific identifier for a finding.

Type: String

Pattern: .*\S.*

Required: YesLastObservedAt

An ISO8601-formatted timestamp that indicates when the security-findings provider most recentlyobserved the potential security issue that a finding captured.

Type: String

Pattern: .*\S.*

Required: NoMalware

A list of malware related to a finding.

Type: Array of Malware (p. 272) objects

API Version 2018-10-26236

Page 251: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceContents

Required: NoNetwork

The details of network-related information about a finding.

Type: Network (p. 276) object

Required: NoNote

A user-defined note added to a finding.

Type: Note (p. 278) object

Required: NoProcess

The details of process-related information about a finding.

Type: ProcessDetails (p. 281) object

Required: NoProductArn

The ARN generated by Security Hub that uniquely identifies a product that generates findings. Thiscan be the ARN for a third-party product that is integrated with Security Hub, or the ARN for acustom integration.

Type: String

Pattern: .*\S.*

Required: YesProductFields

A data type where security-findings providers can include additional solution-specific details thataren't part of the defined AwsSecurityFinding format.

Type: String to string map

Key Pattern: .*\S.*

Value Pattern: .*\S.*

Required: NoRecordState

The record state of a finding.

Type: String

Valid Values: ACTIVE | ARCHIVED

Required: NoRelatedFindings

A list of related findings.

Type: Array of RelatedFinding (p. 286) objects

API Version 2018-10-26237

Page 252: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceContents

Required: NoRemediation

A data type that describes the remediation options for a finding.

Type: Remediation (p. 287) object

Required: NoResources

A set of resource data types that describe the resources that the finding refers to.

Type: Array of Resource (p. 288) objects

Required: YesSchemaVersion

The schema version that a finding is formatted for.

Type: String

Pattern: .*\S.*

Required: YesSeverity

A finding's severity.

Type: Severity (p. 295) object

Required: YesSourceUrl

A URL that links to a page about the current finding in the security-findings provider's solution.

Type: String

Pattern: .*\S.*

Required: NoThreatIntelIndicators

Threat intelligence details related to a finding.

Type: Array of ThreatIntelIndicator (p. 305) objects

Required: NoTitle

A finding's title.

NoteIn this release, Title is a required property.

Type: String

Pattern: .*\S.*

Required: Yes

API Version 2018-10-26238

Page 253: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceContents

Types

One or more finding types in the format of namespace/category/classifier that classify afinding.

Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors |Sensitive Data Identifications

Type: Array of strings

Pattern: .*\S.*

Required: YesUpdatedAt

An ISO8601-formatted timestamp that indicates when the security-findings provider last updatedthe finding record.

Type: String

Pattern: .*\S.*

Required: YesUserDefinedFields

A list of name/value string pairs associated with the finding. These are custom, user-defined fieldsadded to a finding.

Type: String to string map

Key Pattern: .*\S.*

Value Pattern: .*\S.*

Required: NoVerificationState

Indicates the veracity of a finding.

Type: String

Valid Values: UNKNOWN | TRUE_POSITIVE | FALSE_POSITIVE | BENIGN_POSITIVE

Required: NoWorkflow

Provides information about the status of the investigation into a finding.

Type: Workflow (p. 310) object

Required: NoWorkflowState

This member has been deprecated.

The workflow state of a finding.

Type: String

Valid Values: NEW | ASSIGNED | IN_PROGRESS | DEFERRED | RESOLVED

API Version 2018-10-26239

Page 254: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26240

Page 255: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsSecurityFindingFilters

AwsSecurityFindingFiltersA collection of attributes that are applied to all active Security Hub-aggregated findings and that resultin a subset of findings that are included in this insight.

ContentsAwsAccountId

The AWS account ID that a finding is generated in.

Type: Array of StringFilter (p. 304) objects

Required: NoCompanyName

The name of the findings provider (company) that owns the solution (product) that generatesfindings.

Type: Array of StringFilter (p. 304) objects

Required: NoComplianceStatus

Exclusive to findings that are generated as the result of a check run against a specific rule in asupported standard, such as CIS AWS Foundations. Contains security standard-related findingdetails.

Type: Array of StringFilter (p. 304) objects

Required: NoConfidence

A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies thebehavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidenceand 100 means 100 percent confidence.

Type: Array of NumberFilter (p. 280) objects

Required: NoCreatedAt

An ISO8601-formatted timestamp that indicates when the security-findings provider captured thepotential security issue that a finding captured.

Type: Array of DateFilter (p. 262) objects

Required: NoCriticality

The level of importance assigned to the resources associated with the finding.

A score of 0 means that the underlying resources have no criticality, and a score of 100 is reservedfor the most critical resources.

Type: Array of NumberFilter (p. 280) objects

API Version 2018-10-26241

Page 256: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceContents

Required: NoDescription

A finding's description.

Type: Array of StringFilter (p. 304) objects

Required: NoFirstObservedAt

An ISO8601-formatted timestamp that indicates when the security-findings provider first observedthe potential security issue that a finding captured.

Type: Array of DateFilter (p. 262) objects

Required: NoGeneratorId

The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.In various security-findings providers' solutions, this generator can be called a rule, a check, adetector, a plug-in, etc.

Type: Array of StringFilter (p. 304) objects

Required: NoId

The security findings provider-specific identifier for a finding.

Type: Array of StringFilter (p. 304) objects

Required: NoKeyword

A keyword for a finding.

Type: Array of KeywordFilter (p. 270) objects

Required: NoLastObservedAt

An ISO8601-formatted timestamp that indicates when the security-findings provider most recentlyobserved the potential security issue that a finding captured.

Type: Array of DateFilter (p. 262) objects

Required: NoMalwareName

The name of the malware that was observed.

Type: Array of StringFilter (p. 304) objects

Required: NoMalwarePath

The filesystem path of the malware that was observed.

Type: Array of StringFilter (p. 304) objects

API Version 2018-10-26242

Page 257: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceContents

Required: NoMalwareState

The state of the malware that was observed.

Type: Array of StringFilter (p. 304) objects

Required: NoMalwareType

The type of the malware that was observed.

Type: Array of StringFilter (p. 304) objects

Required: NoNetworkDestinationDomain

The destination domain of network-related information about a finding.

Type: Array of StringFilter (p. 304) objects

Required: NoNetworkDestinationIpV4

The destination IPv4 address of network-related information about a finding.

Type: Array of IpFilter (p. 269) objects

Required: NoNetworkDestinationIpV6

The destination IPv6 address of network-related information about a finding.

Type: Array of IpFilter (p. 269) objects

Required: NoNetworkDestinationPort

The destination port of network-related information about a finding.

Type: Array of NumberFilter (p. 280) objects

Required: NoNetworkDirection

Indicates the direction of network traffic associated with a finding.

Type: Array of StringFilter (p. 304) objects

Required: NoNetworkProtocol

The protocol of network-related information about a finding.

Type: Array of StringFilter (p. 304) objects

Required: NoNetworkSourceDomain

The source domain of network-related information about a finding.

API Version 2018-10-26243

Page 258: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceContents

Type: Array of StringFilter (p. 304) objects

Required: NoNetworkSourceIpV4

The source IPv4 address of network-related information about a finding.

Type: Array of IpFilter (p. 269) objects

Required: NoNetworkSourceIpV6

The source IPv6 address of network-related information about a finding.

Type: Array of IpFilter (p. 269) objects

Required: NoNetworkSourceMac

The source media access control (MAC) address of network-related information about a finding.

Type: Array of StringFilter (p. 304) objects

Required: NoNetworkSourcePort

The source port of network-related information about a finding.

Type: Array of NumberFilter (p. 280) objects

Required: NoNoteText

The text of a note.

Type: Array of StringFilter (p. 304) objects

Required: NoNoteUpdatedAt

The timestamp of when the note was updated.

Type: Array of DateFilter (p. 262) objects

Required: NoNoteUpdatedBy

The principal that created a note.

Type: Array of StringFilter (p. 304) objects

Required: NoProcessLaunchedAt

The date/time that the process was launched.

Type: Array of DateFilter (p. 262) objects

Required: No

API Version 2018-10-26244

Page 259: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceContents

ProcessName

The name of the process.

Type: Array of StringFilter (p. 304) objects

Required: NoProcessParentPid

The parent process ID.

Type: Array of NumberFilter (p. 280) objects

Required: NoProcessPath

The path to the process executable.

Type: Array of StringFilter (p. 304) objects

Required: NoProcessPid

The process ID.

Type: Array of NumberFilter (p. 280) objects

Required: NoProcessTerminatedAt

The date/time that the process was terminated.

Type: Array of DateFilter (p. 262) objects

Required: NoProductArn

The ARN generated by Security Hub that uniquely identifies a third-party company (security findingsprovider) after this provider's product (solution that generates findings) is registered with SecurityHub.

Type: Array of StringFilter (p. 304) objects

Required: NoProductFields

A data type where security-findings providers can include additional solution-specific details thataren't part of the defined AwsSecurityFinding format.

Type: Array of MapFilter (p. 273) objects

Required: NoProductName

The name of the solution (product) that generates findings.

Type: Array of StringFilter (p. 304) objects

Required: No

API Version 2018-10-26245

Page 260: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceContents

RecommendationText

The recommendation of what to do about the issue described in a finding.

Type: Array of StringFilter (p. 304) objects

Required: NoRecordState

The updated record state for the finding.

Type: Array of StringFilter (p. 304) objects

Required: NoRelatedFindingsId

The solution-generated identifier for a related finding.

Type: Array of StringFilter (p. 304) objects

Required: NoRelatedFindingsProductArn

The ARN of the solution that generated a related finding.

Type: Array of StringFilter (p. 304) objects

Required: NoResourceAwsEc2InstanceIamInstanceProfileArn

The IAM profile ARN of the instance.

Type: Array of StringFilter (p. 304) objects

Required: NoResourceAwsEc2InstanceImageId

The Amazon Machine Image (AMI) ID of the instance.

Type: Array of StringFilter (p. 304) objects

Required: NoResourceAwsEc2InstanceIpV4Addresses

The IPv4 addresses associated with the instance.

Type: Array of IpFilter (p. 269) objects

Required: NoResourceAwsEc2InstanceIpV6Addresses

The IPv6 addresses associated with the instance.

Type: Array of IpFilter (p. 269) objects

Required: NoResourceAwsEc2InstanceKeyName

The key name associated with the instance.

Type: Array of StringFilter (p. 304) objects

API Version 2018-10-26246

Page 261: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceContents

Required: NoResourceAwsEc2InstanceLaunchedAt

The date and time the instance was launched.

Type: Array of DateFilter (p. 262) objects

Required: NoResourceAwsEc2InstanceSubnetId

The identifier of the subnet that the instance was launched in.

Type: Array of StringFilter (p. 304) objects

Required: NoResourceAwsEc2InstanceType

The instance type of the instance.

Type: Array of StringFilter (p. 304) objects

Required: NoResourceAwsEc2InstanceVpcId

The identifier of the VPC that the instance was launched in.

Type: Array of StringFilter (p. 304) objects

Required: NoResourceAwsIamAccessKeyCreatedAt

The creation date/time of the IAM access key related to a finding.

Type: Array of DateFilter (p. 262) objects

Required: NoResourceAwsIamAccessKeyStatus

The status of the IAM access key related to a finding.

Type: Array of StringFilter (p. 304) objects

Required: NoResourceAwsIamAccessKeyUserName

The user associated with the IAM access key related to a finding.

Type: Array of StringFilter (p. 304) objects

Required: NoResourceAwsS3BucketOwnerId

The canonical user ID of the owner of the S3 bucket.

Type: Array of StringFilter (p. 304) objects

Required: NoResourceAwsS3BucketOwnerName

The display name of the owner of the S3 bucket.

API Version 2018-10-26247

Page 262: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceContents

Type: Array of StringFilter (p. 304) objects

Required: NoResourceContainerImageId

The identifier of the image related to a finding.

Type: Array of StringFilter (p. 304) objects

Required: NoResourceContainerImageName

The name of the image related to a finding.

Type: Array of StringFilter (p. 304) objects

Required: NoResourceContainerLaunchedAt

The date/time that the container was started.

Type: Array of DateFilter (p. 262) objects

Required: NoResourceContainerName

The name of the container related to a finding.

Type: Array of StringFilter (p. 304) objects

Required: NoResourceDetailsOther

The details of a resource that doesn't have a specific subfield for the resource type defined.

Type: Array of MapFilter (p. 273) objects

Required: NoResourceId

The canonical identifier for the given resource type.

Type: Array of StringFilter (p. 304) objects

Required: NoResourcePartition

The canonical AWS partition name that the Region is assigned to.

Type: Array of StringFilter (p. 304) objects

Required: NoResourceRegion

The canonical AWS external Region name where this resource is located.

Type: Array of StringFilter (p. 304) objects

Required: No

API Version 2018-10-26248

Page 263: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceContents

ResourceTags

A list of AWS tags associated with a resource at the time the finding was processed.

Type: Array of MapFilter (p. 273) objects

Required: NoResourceType

Specifies the type of the resource that details are provided for.

Type: Array of StringFilter (p. 304) objects

Required: NoSeverityLabel

The label of a finding's severity.

Type: Array of StringFilter (p. 304) objects

Required: NoSeverityNormalized

The normalized severity of a finding.

Type: Array of NumberFilter (p. 280) objects

Required: NoSeverityProduct

The native severity as defined by the security-findings provider's solution that generated the finding.

Type: Array of NumberFilter (p. 280) objects

Required: NoSourceUrl

A URL that links to a page about the current finding in the security-findings provider's solution.

Type: Array of StringFilter (p. 304) objects

Required: NoThreatIntelIndicatorCategory

The category of a threat intelligence indicator.

Type: Array of StringFilter (p. 304) objects

Required: NoThreatIntelIndicatorLastObservedAt

The date/time of the last observation of a threat intelligence indicator.

Type: Array of DateFilter (p. 262) objects

Required: NoThreatIntelIndicatorSource

The source of the threat intelligence.

API Version 2018-10-26249

Page 264: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceContents

Type: Array of StringFilter (p. 304) objects

Required: NoThreatIntelIndicatorSourceUrl

The URL for more details from the source of the threat intelligence.

Type: Array of StringFilter (p. 304) objects

Required: NoThreatIntelIndicatorType

The type of a threat intelligence indicator.

Type: Array of StringFilter (p. 304) objects

Required: NoThreatIntelIndicatorValue

The value of a threat intelligence indicator.

Type: Array of StringFilter (p. 304) objects

Required: NoTitle

A finding's title.

Type: Array of StringFilter (p. 304) objects

Required: NoType

A finding type in the format of namespace/category/classifier that classifies a finding.

Type: Array of StringFilter (p. 304) objects

Required: NoUpdatedAt

An ISO8601-formatted timestamp that indicates when the security-findings provider last updatedthe finding record.

Type: Array of DateFilter (p. 262) objects

Required: NoUserDefinedFields

A list of name/value string pairs associated with the finding. These are custom, user-defined fieldsadded to a finding.

Type: Array of MapFilter (p. 273) objects

Required: NoVerificationState

The veracity of a finding.

Type: Array of StringFilter (p. 304) objects

API Version 2018-10-26250

Page 265: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

Required: NoWorkflowState

The workflow state of a finding.

Type: Array of StringFilter (p. 304) objects

Required: NoWorkflowStatus

The status of the investigation into a finding. Allowed values are the following.• NEW - The initial state of a finding, before it is reviewed.• NOTIFIED - Indicates that the resource owner has been notified about the security issue. Used

when the initial reviewer is not the resource owner, and needs intervention from the resourceowner.

• SUPPRESSED - The finding will not be reviewed again and will not be acted upon.• RESOLVED - The finding was reviewed and remediated and is now considered resolved.

Type: Array of StringFilter (p. 304) objects

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26251

Page 266: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsSecurityFindingIdentifier

AwsSecurityFindingIdentifierIdentifies a finding to update using BatchUpdateFindings.

ContentsId

The identifier of the finding that was specified by the finding provider.

Type: String

Pattern: .*\S.*

Required: YesProductArn

The ARN generated by Security Hub that uniquely identifies a product that generates findings. Thiscan be the ARN for a third-party product that is integrated with Security Hub, or the ARN for acustom integration.

Type: String

Pattern: .*\S.*

Required: Yes

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26252

Page 267: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsSnsTopicDetails

AwsSnsTopicDetailsA wrapper type for the topic's Amazon Resource Name (ARN).

ContentsKmsMasterKeyId

The ID of an AWS-managed customer master key (CMK) for Amazon SNS or a custom CMK.

Type: String

Pattern: .*\S.*

Required: NoOwner

The subscription's owner.

Type: String

Pattern: .*\S.*

Required: NoSubscription

Subscription is an embedded property that describes the subscription endpoints of an Amazon SNStopic.

Type: Array of AwsSnsTopicSubscription (p. 254) objects

Required: NoTopicName

The name of the topic.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26253

Page 268: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsSnsTopicSubscription

AwsSnsTopicSubscriptionA wrapper type for the attributes of an Amazon SNS subscription.

ContentsEndpoint

The subscription's endpoint (format depends on the protocol).

Type: String

Pattern: .*\S.*

Required: NoProtocol

The subscription's protocol.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26254

Page 269: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsSqsQueueDetails

AwsSqsQueueDetailsData about a queue.

ContentsDeadLetterTargetArn

The Amazon Resource Name (ARN) of the dead-letter queue to which Amazon SQS moves messagesafter the value of maxReceiveCount is exceeded.

Type: String

Pattern: .*\S.*

Required: NoKmsDataKeyReusePeriodSeconds

The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decryptmessages before calling AWS KMS again.

Type: Integer

Required: NoKmsMasterKeyId

The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK.

Type: String

Pattern: .*\S.*

Required: NoQueueName

The name of the new queue.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26255

Page 270: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsWafWebAclDetails

AwsWafWebAclDetailsDetails about a WAF WebACL.

ContentsDefaultAction

The action to perform if none of the Rules contained in the WebACL match.

Type: String

Pattern: .*\S.*

Required: NoName

A friendly name or description of the WebACL. You can't change the name of a WebACL after youcreate it.

Type: String

Pattern: .*\S.*

Required: NoRules

An array that contains the action for each rule in a WebACL, the priority of the rule, and the ID of therule.

Type: Array of AwsWafWebAclRule (p. 257) objects

Required: NoWebAclId

A unique identifier for a WebACL.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26256

Page 271: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceAwsWafWebAclRule

AwsWafWebAclRuleDetails for a rule in a WAF WebACL.

ContentsAction

Specifies the action that CloudFront or AWS WAF takes when a web request matches the conditionsin the Rule.

Type: WafAction (p. 307) object

Required: NoExcludedRules

Rules to exclude from a rule group.

Type: Array of WafExcludedRule (p. 308) objects

Required: NoOverrideAction

Use the OverrideAction to test your RuleGroup.

Any rule in a RuleGroup can potentially block a request. If you set the OverrideAction to None,the RuleGroup blocks a request if any individual rule in the RuleGroup matches the request and isconfigured to block that request.

However, if you first want to test the RuleGroup, set the OverrideAction to Count. The RuleGroupthen overrides any block action specified by individual rules contained within the group. Instead ofblocking matching requests, those requests are counted.

ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to aWebACL. In this case you do not use ActivatedRule|Action. For all other update requests,ActivatedRule|Action is used instead of ActivatedRule|OverrideAction.

Type: WafOverrideAction (p. 309) object

Required: NoPriority

Specifies the order in which the Rules in a WebACL are evaluated. Rules with a lower value forPriority are evaluated before Rules with a higher value. The value must be a unique integer. If youadd multiple Rules to a WebACL, the values do not need to be consecutive.

Type: Integer

Required: NoRuleId

The identifier for a Rule.

Type: String

Pattern: .*\S.*

Required: No

API Version 2018-10-26257

Page 272: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

Type

The rule type.

Valid values: REGULAR | RATE_BASED | GROUP

The default is REGULAR.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26258

Page 273: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceBatchUpdateFindingsUnprocessedFinding

BatchUpdateFindingsUnprocessedFindingA finding from a BatchUpdateFindings request that Security Hub was unable to update.

ContentsErrorCode

The code associated with the error.

Type: String

Pattern: .*\S.*

Required: YesErrorMessage

The message associated with the error.

Type: String

Pattern: .*\S.*

Required: YesFindingIdentifier

The identifier of the finding that was not updated.

Type: AwsSecurityFindingIdentifier (p. 252) object

Required: Yes

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26259

Page 274: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceCompliance

ComplianceExclusive to findings that are generated as the result of a check run against a specific rule in a supportedsecurity standard, such as CIS AWS Foundations. Contains security standard-related finding details.

Values include the following:

• Allowed values are the following:• PASSED - Standards check passed for all evaluated resources.• WARNING - Some information is missing or this check is not supported given your configuration.• FAILED - Standards check failed for at least one evaluated resource.• NOT_AVAILABLE - Check could not be performed due to a service outage, API error, or because the

result of the AWS Config evaluation was NOT_APPLICABLE. If the AWS Config evaluation result was NOT_APPLICABLE, then after 3 days, Security Hub automatically archives the finding.

ContentsRelatedRequirements

List of requirements that are related to a standards control.

Type: Array of strings

Pattern: .*\S.*

Required: NoStatus

The result of a standards check.

Type: String

Valid Values: PASSED | WARNING | FAILED | NOT_AVAILABLE

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26260

Page 275: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceContainerDetails

ContainerDetailsContainer details related to a finding.

ContentsImageId

The identifier of the image related to a finding.

Type: String

Pattern: .*\S.*

Required: NoImageName

The name of the image related to a finding.

Type: String

Pattern: .*\S.*

Required: NoLaunchedAt

The date and time when the container started.

Type: String

Pattern: .*\S.*

Required: NoName

The name of the container related to a finding.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26261

Page 276: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceDateFilter

DateFilterA date filter for querying findings.

ContentsDateRange

A date range for the date filter.

Type: DateRange (p. 263) object

Required: NoEnd

An end date for the date filter.

Type: String

Pattern: .*\S.*

Required: NoStart

A start date for the date filter.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26262

Page 277: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceDateRange

DateRangeA date range for the date filter.

ContentsUnit

A date range unit for the date filter.

Type: String

Valid Values: DAYS

Required: NoValue

A date range value for the date filter.

Type: Integer

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26263

Page 278: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceImportFindingsError

ImportFindingsErrorThe list of the findings that cannot be imported. For each finding, the list provides the error.

ContentsErrorCode

The code of the error returned by the BatchImportFindings operation.

Type: String

Pattern: .*\S.*

Required: YesErrorMessage

The message of the error returned by the BatchImportFindings operation.

Type: String

Pattern: .*\S.*

Required: YesId

The identifier of the finding that could not be updated.

Type: String

Pattern: .*\S.*

Required: Yes

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26264

Page 279: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceInsight

InsightContains information about a Security Hub insight.

ContentsFilters

One or more attributes used to filter the findings included in the insight. The insight only includesfindings that match the criteria defined in the filters.

Type: AwsSecurityFindingFilters (p. 241) object

Required: YesGroupByAttribute

The grouping attribute for the insight's findings. Indicates how to group the matching findings,and identifies the type of item that the insight applies to. For example, if an insight is grouped byresource identifier, then the insight produces a list of resource identifiers.

Type: String

Pattern: .*\S.*

Required: YesInsightArn

The ARN of a Security Hub insight.

Type: String

Pattern: .*\S.*

Required: YesName

The name of a Security Hub insight.

Type: String

Pattern: .*\S.*

Required: Yes

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26265

Page 280: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceInsightResults

InsightResultsThe insight results returned by the GetInsightResults operation.

ContentsGroupByAttribute

The attribute that the findings are grouped by for the insight whose results are returned by theGetInsightResults operation.

Type: String

Pattern: .*\S.*

Required: YesInsightArn

The ARN of the insight whose results are returned by the GetInsightResults operation.

Type: String

Pattern: .*\S.*

Required: YesResultValues

The list of insight result values returned by the GetInsightResults operation.

Type: Array of InsightResultValue (p. 267) objects

Required: Yes

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26266

Page 281: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceInsightResultValue

InsightResultValueThe insight result values returned by the GetInsightResults operation.

ContentsCount

The number of findings returned for each GroupByAttributeValue.

Type: Integer

Required: YesGroupByAttributeValue

The value of the attribute that the findings are grouped by for the insight whose results are returnedby the GetInsightResults operation.

Type: String

Pattern: .*\S.*

Required: Yes

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26267

Page 282: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceInvitation

InvitationDetails about an invitation.

ContentsAccountId

The account ID of the Security Hub master account that the invitation was sent from.

Type: String

Required: NoInvitationId

The ID of the invitation sent to the member account.

Type: String

Pattern: .*\S.*

Required: NoInvitedAt

The timestamp of when the invitation was sent.

Type: Timestamp

Required: NoMemberStatus

The current status of the association between the member and master accounts.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26268

Page 283: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceIpFilter

IpFilterThe IP filter for querying findings.

ContentsCidr

A finding's CIDR value.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26269

Page 284: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceKeywordFilter

KeywordFilterA keyword filter for querying findings.

ContentsValue

A value for the keyword.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26270

Page 285: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceLoadBalancerState

LoadBalancerStateInformation about the state of the load balancer.

ContentsCode

The state code. The initial state of the load balancer is provisioning.

After the load balancer is fully set up and ready to route traffic, its state is active.

If the load balancer could not be set up, its state is failed.

Type: String

Pattern: .*\S.*

Required: NoReason

A description of the state.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26271

Page 286: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceMalware

MalwareA list of malware related to a finding.

ContentsName

The name of the malware that was observed.

Type: String

Pattern: .*\S.*

Required: YesPath

The file system path of the malware that was observed.

Type: String

Pattern: .*\S.*

Required: NoState

The state of the malware that was observed.

Type: String

Valid Values: OBSERVED | REMOVAL_FAILED | REMOVED

Required: NoType

The type of the malware that was observed.

Type: String

Valid Values: ADWARE | BLENDED_THREAT | BOTNET_AGENT | COIN_MINER | EXPLOIT_KIT| KEYLOGGER | MACRO | POTENTIALLY_UNWANTED | SPYWARE | RANSOMWARE |REMOTE_ACCESS | ROOTKIT | TROJAN | VIRUS | WORM

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26272

Page 287: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceMapFilter

MapFilterThe map filter for querying findings.

ContentsComparison

The condition to apply to a key value when querying for findings with a map filter.

Type: String

Valid Values: EQUALS

Required: NoKey

The key of the map filter.

Type: String

Pattern: .*\S.*

Required: NoValue

The value for the key in the map filter.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26273

Page 288: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceMember

MemberThe details about a member account.

ContentsAccountId

The AWS account ID of the member account.

Type: String

Required: NoEmail

The email address of the member account.

Type: String

Pattern: .*\S.*

Required: NoInvitedAt

A timestamp for the date and time when the invitation was sent to the member account.

Type: Timestamp

Required: NoMasterId

The AWS account ID of the Security Hub master account associated with this member account.

Type: String

Pattern: .*\S.*

Required: NoMemberStatus

The status of the relationship between the member account and its master account.

Type: String

Pattern: .*\S.*

Required: NoUpdatedAt

The timestamp for the date and time when the member account was updated.

Type: Timestamp

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

API Version 2018-10-26274

Page 290: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceNetwork

NetworkThe details of network-related information about a finding.

ContentsDestinationDomain

The destination domain of network-related information about a finding.

Type: String

Pattern: .*\S.*

Required: NoDestinationIpV4

The destination IPv4 address of network-related information about a finding.

Type: String

Pattern: .*\S.*

Required: NoDestinationIpV6

The destination IPv6 address of network-related information about a finding.

Type: String

Pattern: .*\S.*

Required: NoDestinationPort

The destination port of network-related information about a finding.

Type: Integer

Required: NoDirection

The direction of network traffic associated with a finding.

Type: String

Valid Values: IN | OUT

Required: NoProtocol

The protocol of network-related information about a finding.

Type: String

Pattern: .*\S.*

Required: No

API Version 2018-10-26276

Page 291: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

SourceDomain

The source domain of network-related information about a finding.

Type: String

Pattern: .*\S.*

Required: NoSourceIpV4

The source IPv4 address of network-related information about a finding.

Type: String

Pattern: .*\S.*

Required: NoSourceIpV6

The source IPv6 address of network-related information about a finding.

Type: String

Pattern: .*\S.*

Required: NoSourceMac

The source media access control (MAC) address of network-related information about a finding.

Type: String

Pattern: .*\S.*

Required: NoSourcePort

The source port of network-related information about a finding.

Type: Integer

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26277

Page 292: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceNote

NoteA user-defined note added to a finding.

ContentsText

The text of a note.

Type: String

Pattern: .*\S.*

Required: YesUpdatedAt

The timestamp of when the note was updated.

Type: String

Pattern: .*\S.*

Required: YesUpdatedBy

The principal that created a note.

Type: String

Pattern: .*\S.*

Required: Yes

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26278

Page 293: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceNoteUpdate

NoteUpdateThe updated note.

ContentsText

The updated note text.

Type: String

Pattern: .*\S.*

Required: YesUpdatedBy

The principal that updated the note.

Type: String

Pattern: .*\S.*

Required: Yes

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26279

Page 294: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceNumberFilter

NumberFilterA number filter for querying findings.

ContentsEq

The equal-to condition to be applied to a single field when querying for findings.

Type: Double

Required: NoGte

The greater-than-equal condition to be applied to a single field when querying for findings.

Type: Double

Required: NoLte

The less-than-equal condition to be applied to a single field when querying for findings.

Type: Double

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26280

Page 295: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceProcessDetails

ProcessDetailsThe details of process-related information about a finding.

ContentsLaunchedAt

The date/time that the process was launched.

Type: String

Pattern: .*\S.*

Required: No

Name

The name of the process.

Type: String

Pattern: .*\S.*

Required: No

ParentPid

The parent process ID.

Type: Integer

Required: No

Path

The path to the process executable.

Type: String

Pattern: .*\S.*

Required: No

Pid

The process ID.

Type: Integer

Required: No

TerminatedAt

The date and time when the process was terminated.

Type: String

Pattern: .*\S.*

Required: No

API Version 2018-10-26281

Page 296: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26282

Page 297: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceProduct

ProductContains details about a product.

ContentsActivationUrl

The URL used to activate the product.

Type: String

Pattern: .*\S.*

Required: NoCategories

The categories assigned to the product.

Type: Array of strings

Pattern: .*\S.*

Required: NoCompanyName

The name of the company that provides the product.

Type: String

Pattern: .*\S.*

Required: NoDescription

A description of the product.

Type: String

Pattern: .*\S.*

Required: NoIntegrationTypes

The types of integration that the product supports. Available values are the following.• SEND_FINDINGS_TO_SECURITY_HUB - Indicates that the integration sends findings to Security

Hub.• RECEIVE_FINDINGS_FROM_SECURITY_HUB - Indicates that the integration receives findings

from Security Hub.

Type: Array of strings

Valid Values: SEND_FINDINGS_TO_SECURITY_HUB |RECEIVE_FINDINGS_FROM_SECURITY_HUB

Required: No

API Version 2018-10-26283

Page 298: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

MarketplaceUrl

The URL for the page that contains more information about the product.

Type: String

Pattern: .*\S.*

Required: NoProductArn

The ARN assigned to the product.

Type: String

Pattern: .*\S.*

Required: YesProductName

The name of the product.

Type: String

Pattern: .*\S.*

Required: NoProductSubscriptionResourcePolicy

The resource policy associated with the product.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26284

Page 299: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRecommendation

RecommendationA recommendation on how to remediate the issue identified in a finding.

ContentsText

Describes the recommended steps to take to remediate an issue identified in a finding.

Type: String

Pattern: .*\S.*

Required: NoUrl

A URL to a page or site that contains information about how to remediate a finding.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26285

Page 300: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRelatedFinding

RelatedFindingDetails about a related finding.

ContentsId

The product-generated identifier for a related finding.

Type: String

Pattern: .*\S.*

Required: YesProductArn

The ARN of the product that generated a related finding.

Type: String

Pattern: .*\S.*

Required: Yes

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26286

Page 301: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceRemediation

RemediationDetails about the remediation steps for a finding.

ContentsRecommendation

A recommendation on the steps to take to remediate the issue identified by a finding.

Type: Recommendation (p. 285) object

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26287

Page 302: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResource

ResourceA resource related to a finding.

ContentsDetails

Additional details about the resource related to a finding.

Type: ResourceDetails (p. 290) object

Required: NoId

The canonical identifier for the given resource type.

Type: String

Pattern: .*\S.*

Required: YesPartition

The canonical AWS partition name that the Region is assigned to.

Type: String

Valid Values: aws | aws-cn | aws-us-gov

Required: NoRegion

The canonical AWS external Region name where this resource is located.

Type: String

Pattern: .*\S.*

Required: NoTags

A list of AWS tags associated with a resource at the time the finding was processed.

Type: String to string map

Key Pattern: .*\S.*

Value Pattern: .*\S.*

Required: NoType

The type of the resource that details are provided for. If possible, set Type to one of the supportedresource types. For example, if the resource is an EC2 instance, then set Type to AwsEc2Instance.

If the resource does not match any of the provided types, then set Type to Other.

Type: String

API Version 2018-10-26288

Page 303: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

Pattern: .*\S.*

Required: Yes

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26289

Page 304: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResourceDetails

ResourceDetailsAdditional details about a resource related to a finding.

To provide the details, use the object that corresponds to the resource type. For example, if the resourcetype is AwsEc2Instance, then you use the AwsEc2Instance object to provide the details.

If the type-specific object does not contain all of the fields you want to populate, then you use theOther object to populate those additional fields.

You also use the Other object to populate the details when the selected type does not have acorresponding object.

ContentsAwsCloudFrontDistribution

Details about a CloudFront distribution.

Type: AwsCloudFrontDistributionDetails (p. 169) object

Required: NoAwsCodeBuildProject

Details for an AWS CodeBuild project.

Type: AwsCodeBuildProjectDetails (p. 174) object

Required: NoAwsEc2Instance

Details about an Amazon EC2 instance related to a finding.

Type: AwsEc2InstanceDetails (p. 182) object

Required: NoAwsEc2NetworkInterface

Details for an AWS EC2 network interface.

Type: AwsEc2NetworkInterfaceDetails (p. 186) object

Required: NoAwsEc2SecurityGroup

Details for an EC2 security group.

Type: AwsEc2SecurityGroupDetails (p. 188) object

Required: NoAwsElasticsearchDomain

Details for an Elasticsearch domain.

Type: AwsElasticsearchDomainDetails (p. 197) object

Required: No

API Version 2018-10-26290

Page 305: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceContents

AwsElbv2LoadBalancer

Details about a load balancer.

Type: AwsElbv2LoadBalancerDetails (p. 203) object

Required: NoAwsIamAccessKey

Details about an IAM access key related to a finding.

Type: AwsIamAccessKeyDetails (p. 205) object

Required: NoAwsIamRole

Details about an IAM role.

Type: AwsIamRoleDetails (p. 207) object

Required: NoAwsKmsKey

Details about a KMS key.

Type: AwsKmsKeyDetails (p. 209) object

Required: NoAwsLambdaFunction

Details about a Lambda function.

Type: AwsLambdaFunctionDetails (p. 213) object

Required: NoAwsLambdaLayerVersion

Details for a Lambda layer version.

Type: AwsLambdaLayerVersionDetails (p. 221) object

Required: NoAwsRdsDbInstance

Details for an RDS database instance.

Type: AwsRdsDbInstanceDetails (p. 223) object

Required: NoAwsS3Bucket

Details about an Amazon S3 Bucket related to a finding.

Type: AwsS3BucketDetails (p. 229) object

Required: NoAwsS3Object

Details about an Amazon S3 object related to a finding.

API Version 2018-10-26291

Page 306: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

Type: AwsS3ObjectDetails (p. 233) object

Required: NoAwsSnsTopic

Details about an SNS topic.

Type: AwsSnsTopicDetails (p. 253) object

Required: NoAwsSqsQueue

Details about an SQS queue.

Type: AwsSqsQueueDetails (p. 255) object

Required: NoAwsWafWebAcl

Details for a WAF WebACL.

Type: AwsWafWebAclDetails (p. 256) object

Required: NoContainer

Details about a container resource related to a finding.

Type: ContainerDetails (p. 261) object

Required: NoOther

Details about a resource that are not available in a type-specific details object. Use the Other objectin the following cases.• The type-specific object does not contain all of the fields that you want to populate. In this case,

first use the type-specific object to populate those fields. Use the Other object to populate thefields that are missing from the type-specific object.

• The resource type does not have a corresponding object. This includes resources for which thetype is Other.

Type: String to string map

Key Pattern: .*\S.*

Value Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26292

Page 307: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

API Version 2018-10-26293

Page 308: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceResult

ResultDetails about the account that was not processed.

ContentsAccountId

An AWS account ID of the account that was not processed.

Type: String

Required: NoProcessingResult

The reason that the account was not processed.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26294

Page 309: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSeverity

SeverityThe severity of the finding.

ContentsLabel

The severity value of the finding. The allowed values are the following.• INFORMATIONAL - No issue was found.• LOW - The issue does not require action on its own.• MEDIUM - The issue must be addressed but not urgently.• HIGH - The issue must be addressed as a priority.• CRITICAL - The issue must be remediated immediately to avoid it escalating.

Type: String

Valid Values: INFORMATIONAL | LOW | MEDIUM | HIGH | CRITICAL

Required: NoNormalized

Deprecated. This attribute is being deprecated. Instead of providing Normalized, provide Label.

If you provide Normalized and do not provide Label, Label is set automatically as follows.• 0 - INFORMATIONAL• 1–39 - LOW• 40–69 - MEDIUM• 70–89 - HIGH• 90–100 - CRITICAL

Type: Integer

Required: NoProduct

The native severity as defined by the AWS service or integrated partner product that generated thefinding.

Type: Double

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26295

Page 310: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSeverityUpdate

SeverityUpdateUpdates to the severity information for a finding.

ContentsLabel

The severity value of the finding. The allowed values are the following.• INFORMATIONAL - No issue was found.• LOW - The issue does not require action on its own.• MEDIUM - The issue must be addressed but not urgently.• HIGH - The issue must be addressed as a priority.• CRITICAL - The issue must be remediated immediately to avoid it escalating.

Type: String

Valid Values: INFORMATIONAL | LOW | MEDIUM | HIGH | CRITICAL

Required: NoNormalized

The normalized severity for the finding. This attribute is to be deprecated in favor of Label.

If you provide Normalized and do not provide Label, Label is set automatically as follows.• 0 - INFORMATIONAL• 1–39 - LOW• 40–69 - MEDIUM• 70–89 - HIGH• 90–100 - CRITICAL

Type: Integer

Valid Range: Minimum value of 0. Maximum value of 100.

Required: NoProduct

The native severity as defined by the AWS service or integrated partner product that generated thefinding.

Type: Double

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26296

Page 311: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

API Version 2018-10-26297

Page 312: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSortCriterion

SortCriterionA collection of finding attributes used to sort findings.

ContentsField

The finding attribute used to sort findings.

Type: String

Pattern: .*\S.*

Required: NoSortOrder

The order used to sort findings.

Type: String

Valid Values: asc | desc

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26298

Page 313: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceStandard

StandardProvides information about a specific standard.

ContentsDescription

A description of the standard.

Type: String

Pattern: .*\S.*

Required: NoEnabledByDefault

Whether the standard is enabled by default. When Security Hub is enabled from the console, if astandard is enabled by default, the check box for that standard is selected by default.

When Security Hub is enabled using the EnableSecurityHub API operation, the standard isenabled by default unless EnableDefaultStandards is set to false.

Type: Boolean

Required: NoName

The name of the standard.

Type: String

Pattern: .*\S.*

Required: NoStandardsArn

The ARN of a standard.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26299

Page 314: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceStandardsControl

StandardsControlDetails for an individual security standard control.

ContentsControlId

The identifier of the security standard control.

Type: String

Pattern: .*\S.*

Required: NoControlStatus

The current status of the security standard control. Indicates whether the control is enabled ordisabled. Security Hub does not check against disabled controls.

Type: String

Valid Values: ENABLED | DISABLED

Required: NoControlStatusUpdatedAt

The date and time that the status of the security standard control was most recently updated.

Type: Timestamp

Required: NoDescription

The longer description of the security standard control. Provides information about what the controlis checking for.

Type: String

Pattern: .*\S.*

Required: NoDisabledReason

The reason provided for the most recent change in status for the control.

Type: String

Pattern: .*\S.*

Required: NoRelatedRequirements

The list of requirements that are related to this control.

Type: Array of strings

Pattern: .*\S.*

API Version 2018-10-26300

Page 315: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

Required: NoRemediationUrl

A link to remediation information for the control in the Security Hub user documentation.

Type: String

Pattern: .*\S.*

Required: NoSeverityRating

The severity of findings generated from this security standard control.

The finding severity is based on an assessment of how easy it would be to compromise AWSresources if the issue is detected.

Type: String

Valid Values: LOW | MEDIUM | HIGH | CRITICAL

Required: NoStandardsControlArn

The ARN of the security standard control.

Type: String

Pattern: .*\S.*

Required: NoTitle

The title of the security standard control.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26301

Page 316: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceStandardsSubscription

StandardsSubscriptionA resource that represents your subscription to a supported standard.

ContentsStandardsArn

The ARN of a standard.

Type: String

Pattern: .*\S.*

Required: YesStandardsInput

A key-value pair of input for the standard.

Type: String to string map

Key Pattern: .*\S.*

Value Pattern: .*\S.*

Required: YesStandardsStatus

The status of the standards subscription.

Type: String

Valid Values: PENDING | READY | FAILED | DELETING | INCOMPLETE

Required: YesStandardsSubscriptionArn

The ARN of a resource that represents your subscription to a supported standard.

Type: String

Pattern: .*\S.*

Required: Yes

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26302

Page 317: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceStandardsSubscriptionRequest

StandardsSubscriptionRequestThe standard that you want to enable.

ContentsStandardsArn

The ARN of the standard that you want to enable. To view the list of available standards and theirARNs, use the DescribeStandards (p. 61) operation.

Type: String

Pattern: .*\S.*

Required: YesStandardsInput

A key-value pair of input for the standard.

Type: String to string map

Key Pattern: .*\S.*

Value Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26303

Page 318: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceStringFilter

StringFilterA string filter for querying findings.

ContentsComparison

The condition to be applied to a string value when querying for findings.

Type: String

Valid Values: EQUALS | PREFIX

Required: NoValue

The string filter value.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26304

Page 319: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceThreatIntelIndicator

ThreatIntelIndicatorDetails about the threat intelligence related to a finding.

ContentsCategory

The category of a threat intelligence indicator.

Type: String

Valid Values: BACKDOOR | CARD_STEALER | COMMAND_AND_CONTROL | DROP_SITE |EXPLOIT_SITE | KEYLOGGER

Required: NoLastObservedAt

The date and time when the most recent instance of a threat intelligence indicator was observed.

Type: String

Pattern: .*\S.*

Required: NoSource

The source of the threat intelligence indicator.

Type: String

Pattern: .*\S.*

Required: NoSourceUrl

The URL to the page or site where you can get more information about the threat intelligenceindicator.

Type: String

Pattern: .*\S.*

Required: NoType

The type of threat intelligence indicator.

Type: String

Valid Values: DOMAIN | EMAIL_ADDRESS | HASH_MD5 | HASH_SHA1 | HASH_SHA256 |HASH_SHA512 | IPV4_ADDRESS | IPV6_ADDRESS | MUTEX | PROCESS | URL

Required: NoValue

The value of a threat intelligence indicator.

API Version 2018-10-26305

Page 320: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceSee Also

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26306

Page 321: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceWafAction

WafActionDetails about the action that CloudFront or AWS WAF takes when a web request matches the conditionsin the Rule.

ContentsType

Specifies how you want AWS WAF to respond to requests that match the settings in a Rule.

Valid settings include the following:• ALLOW - AWS WAF allows requests• BLOCK - AWS WAF blocks requests• COUNT - AWS WAF increments a counter of the requests that match all of the conditions in the

rule. AWS WAF then continues to inspect the web request based on the remaining rules in the webACL. You can't specify COUNT for the default action for a WebACL.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26307

Page 322: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceWafExcludedRule

WafExcludedRuleDetails about a rule to exclude from a rule group.

ContentsRuleId

The unique identifier for the rule to exclude from the rule group.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26308

Page 323: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceWafOverrideAction

WafOverrideActionDetails about an override action for a rule.

ContentsType

COUNT overrides the action specified by the individual rule within a RuleGroup .

If set to NONE, the rule's action takes place.

Type: String

Pattern: .*\S.*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26309

Page 324: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceWorkflow

WorkflowProvides information about the status of the investigation into a finding.

ContentsStatus

The status of the investigation into the finding. The allowed values are the following.• NEW - The initial state of a finding, before it is reviewed.• NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when

the initial reviewer is not the resource owner, and needs intervention from the resource owner.• SUPPRESSED - The finding will not be reviewed again and will not be acted upon.• RESOLVED - The finding was reviewed and remediated and is now considered resolved.

Type: String

Valid Values: NEW | NOTIFIED | RESOLVED | SUPPRESSED

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26310

Page 325: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API ReferenceWorkflowUpdate

WorkflowUpdateUsed to update information about the investigation into the finding.

ContentsStatus

The status of the investigation into the finding. The allowed values are the following.• NEW - The initial state of a finding, before it is reviewed.• NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when

the initial reviewer is not the resource owner, and needs intervention from the resource owner.• RESOLVED - The finding was reviewed and remediated and is now considered resolved.• SUPPRESSED - The finding will not be reviewed again and will not be acted upon.

Type: String

Valid Values: NEW | NOTIFIED | RESOLVED | SUPPRESSED

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V3

API Version 2018-10-26311

Page 326: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API Reference

Common ParametersThe following list contains the parameters that all actions use for signing Signature Version 4 requestswith a query string. Any action-specific parameters are listed in the topic for that action. For moreinformation about Signature Version 4, see Signature Version 4 Signing Process in the Amazon WebServices General Reference.

Action

The action to be performed.

Type: string

Required: YesVersion

The API version that the request is written for, expressed in the format YYYY-MM-DD.

Type: string

Required: YesX-Amz-Algorithm

The hash algorithm that you used to create the request signature.

Condition: Specify this parameter when you include authentication information in a query stringinstead of in the HTTP authorization header.

Type: string

Valid Values: AWS4-HMAC-SHA256

Required: ConditionalX-Amz-Credential

The credential scope value, which is a string that includes your access key, the date, the region youare targeting, the service you are requesting, and a termination string ("aws4_request"). The value isexpressed in the following format: access_key/YYYYMMDD/region/service/aws4_request.

For more information, see Task 2: Create a String to Sign for Signature Version 4 in the Amazon WebServices General Reference.

Condition: Specify this parameter when you include authentication information in a query stringinstead of in the HTTP authorization header.

Type: string

Required: ConditionalX-Amz-Date

The date that is used to create the signature. The format must be ISO 8601 basic format(YYYYMMDD'T'HHMMSS'Z'). For example, the following date time is a valid X-Amz-Date value:20120325T120000Z.

Condition: X-Amz-Date is optional for all requests; it can be used to override the date used forsigning requests. If the Date header is specified in the ISO 8601 basic format, X-Amz-Date is

API Version 2018-10-26312

Page 327: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API Reference

not required. When X-Amz-Date is used, it always overrides the value of the Date header. Formore information, see Handling Dates in Signature Version 4 in the Amazon Web Services GeneralReference.

Type: string

Required: ConditionalX-Amz-Security-Token

The temporary security token that was obtained through a call to AWS Security Token Service (AWSSTS). For a list of services that support temporary security credentials from AWS Security TokenService, go to AWS Services That Work with IAM in the IAM User Guide.

Condition: If you're using temporary security credentials from the AWS Security Token Service, youmust include the security token.

Type: string

Required: ConditionalX-Amz-Signature

Specifies the hex-encoded signature that was calculated from the string to sign and the derivedsigning key.

Condition: Specify this parameter when you include authentication information in a query stringinstead of in the HTTP authorization header.

Type: string

Required: ConditionalX-Amz-SignedHeaders

Specifies all the HTTP headers that were included as part of the canonical request. For moreinformation about specifying signed headers, see Task 1: Create a Canonical Request For SignatureVersion 4 in the Amazon Web Services General Reference.

Condition: Specify this parameter when you include authentication information in a query stringinstead of in the HTTP authorization header.

Type: string

Required: Conditional

API Version 2018-10-26313

Page 328: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API Reference

Common ErrorsThis section lists the errors common to the API actions of all AWS services. For errors specific to an APIaction for this service, see the topic for that API action.

AccessDeniedException

You do not have sufficient access to perform this action.

HTTP Status Code: 400IncompleteSignature

The request signature does not conform to AWS standards.

HTTP Status Code: 400InternalFailure

The request processing has failed because of an unknown error, exception or failure.

HTTP Status Code: 500InvalidAction

The action or operation requested is invalid. Verify that the action is typed correctly.

HTTP Status Code: 400InvalidClientTokenId

The X.509 certificate or AWS access key ID provided does not exist in our records.

HTTP Status Code: 403InvalidParameterCombination

Parameters that must not be used together were used together.

HTTP Status Code: 400InvalidParameterValue

An invalid or out-of-range value was supplied for the input parameter.

HTTP Status Code: 400InvalidQueryParameter

The AWS query string is malformed or does not adhere to AWS standards.

HTTP Status Code: 400MalformedQueryString

The query string contains a syntax error.

HTTP Status Code: 404MissingAction

The request is missing an action or a required parameter.

HTTP Status Code: 400

API Version 2018-10-26314

Page 329: AWS Security Hub · AWS Security Hub API Reference Welcome Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also

AWS Security Hub API Reference

MissingAuthenticationToken

The request must contain either a valid (registered) AWS access key ID or X.509 certificate.

HTTP Status Code: 403MissingParameter

A required parameter for the specified action is not supplied.

HTTP Status Code: 400OptInRequired

The AWS access key ID needs a subscription for the service.

HTTP Status Code: 403RequestExpired

The request reached the service more than 15 minutes after the date stamp on the request or morethan 15 minutes after the request expiration date (such as for pre-signed URLs), or the date stampon the request is more than 15 minutes in the future.

HTTP Status Code: 400ServiceUnavailable

The request has failed due to a temporary failure of the server.

HTTP Status Code: 503ThrottlingException

The request was denied due to request throttling.

HTTP Status Code: 400ValidationError

The input fails to satisfy the constraints specified by an AWS service.

HTTP Status Code: 400

API Version 2018-10-26315