[−][src]Crate rusoto_securityhub
Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also provides you with the readiness status of your environment based on controls from supported security standards. Security Hub collects security data from AWS accounts, services, and integrated third-party products and helps you analyze security trends in your environment to identify the highest priority security issues. For more information about Security Hub, see the AWS Security Hub User Guide .
When you use operations in the Security Hub API, the requests are executed only in the AWS Region that is currently active or in the specific AWS Region that you specify in your request. Any configuration or settings change that results from the operation is applied only to that Region. To make the same change in other Regions, execute the same command for each Region to apply the change to.
For example, if your Region is set to us-west-2
, when you use CreateMembers
to add a member account to Security Hub, the association of the member account with the master account is created only in the us-west-2
Region. Security Hub must be enabled for the member account in the same Region that the invitation was sent from.
The following throttling limits apply to using Security Hub API operations.
-
GetFindings
-RateLimit
of 3 requests per second.BurstLimit
of 6 requests per second. -
UpdateFindings
-RateLimit
of 1 request per second.BurstLimit
of 5 requests per second. -
All other operations -
RateLimit
of 10 requests per second.BurstLimit
of 30 requests per second.
If you're using the service, you're probably looking for SecurityHubClient and SecurityHub.
Structs
AcceptInvitationRequest | |
AcceptInvitationResponse | |
AccountDetails | The details of an AWS account. |
ActionTarget | An |
AvailabilityZone | Information about an Availability Zone. |
AwsAutoScalingAutoScalingGroupDetails | Provides details about an auto scaling group. |
AwsCloudFrontDistributionDetails | A distribution configuration. |
AwsCloudFrontDistributionLogging | A complex type that controls whether access logs are written for the distribution. |
AwsCloudFrontDistributionOriginItem | A complex type that describes the Amazon S3 bucket, HTTP server (for example, a web server), Amazon Elemental MediaStore, or other server from which CloudFront gets your files. |
AwsCloudFrontDistributionOrigins | A complex type that contains information about origins and origin groups for this distribution. |
AwsCodeBuildProjectDetails | Information about an AWS CodeBuild project. |
AwsCodeBuildProjectEnvironment | Information about the build environment for this build project. |
AwsCodeBuildProjectEnvironmentRegistryCredential | The credentials for access to a private registry. |
AwsCodeBuildProjectSource | Information about the build input source code for this build project. |
AwsCodeBuildProjectVpcConfig | Information about the VPC configuration that AWS CodeBuild accesses. |
AwsEc2InstanceDetails | The details of an Amazon EC2 instance. |
AwsEc2NetworkInterfaceAttachment | Information about the network interface attachment. |
AwsEc2NetworkInterfaceDetails | Details about the network interface |
AwsEc2NetworkInterfaceSecurityGroup | A security group associated with the network interface. |
AwsEc2SecurityGroupDetails | Details about an EC2 security group. |
AwsEc2SecurityGroupIpPermission | An IP permission for an EC2 security group. |
AwsEc2SecurityGroupIpRange | A range of IPv4 addresses. |
AwsEc2SecurityGroupIpv6Range | A range of IPv6 addresses. |
AwsEc2SecurityGroupPrefixListId | A prefix list ID. |
AwsEc2SecurityGroupUserIdGroupPair | A relationship between a security group and a user. |
AwsEc2VolumeAttachment | An attachment to an AWS EC2 volume. |
AwsEc2VolumeDetails | Details about an EC2 volume. |
AwsEc2VpcDetails | Details about an EC2 VPC. |
AwsElasticsearchDomainDetails | Information about an Elasticsearch domain. |
AwsElasticsearchDomainDomainEndpointOptions | Additional options for the domain endpoint, such as whether to require HTTPS for all traffic. |
AwsElasticsearchDomainEncryptionAtRestOptions | Details about the configuration for encryption at rest. |
AwsElasticsearchDomainNodeToNodeEncryptionOptions | Details about the configuration for node-to-node encryption. |
AwsElasticsearchDomainVPCOptions | Information that Amazon ES derives based on |
AwsElbv2LoadBalancerDetails | Information about a load balancer. |
AwsIamAccessKeyDetails | IAM access key details related to a finding. |
AwsIamRoleDetails | Contains information about an IAM role, including all of the role's policies. |
AwsKmsKeyDetails | Contains metadata about a customer master key (CMK). |
AwsLambdaFunctionCode | The code for the Lambda function. You can specify either an object in Amazon S3, or upload a deployment package directly. |
AwsLambdaFunctionDeadLetterConfig | The dead-letter queue for failed asynchronous invocations. |
AwsLambdaFunctionDetails | Details about a function's configuration. |
AwsLambdaFunctionEnvironment | A function's environment variable settings. |
AwsLambdaFunctionEnvironmentError | Error messages for environment variables that couldn't be applied. |
AwsLambdaFunctionLayer | An AWS Lambda layer. |
AwsLambdaFunctionTracingConfig | The function's AWS X-Ray tracing configuration. |
AwsLambdaFunctionVpcConfig | The VPC security groups and subnets that are attached to a Lambda function. For more information, see VPC Settings. |
AwsLambdaLayerVersionDetails | Details about a Lambda layer version. |
AwsRdsDbInstanceAssociatedRole | An AWS Identity and Access Management (IAM) role associated with the DB instance. |
AwsRdsDbInstanceDetails | Contains the details of an Amazon RDS DB instance. |
AwsRdsDbInstanceEndpoint | Specifies the connection endpoint. |
AwsRdsDbInstanceVpcSecurityGroup | A VPC security groups that the DB instance belongs to. |
AwsS3BucketDetails | The details of an Amazon S3 bucket. |
AwsS3BucketServerSideEncryptionByDefault | Specifies the default server-side encryption to apply to new objects in the bucket. |
AwsS3BucketServerSideEncryptionConfiguration | The encryption configuration for the S3 bucket. |
AwsS3BucketServerSideEncryptionRule | An encryption rule to apply to the S3 bucket. |
AwsS3ObjectDetails | Details about an Amazon S3 object. |
AwsSecurityFinding | Provides consistent format for the contents of the Security Hub-aggregated findings. A finding is a potential security issue generated either by AWS services (Amazon GuardDuty, Amazon Inspector, and Amazon Macie) or by the integrated third-party solutions and standards checks. |
AwsSecurityFindingFilters | A collection of attributes that are applied to all active Security Hub-aggregated findings and that result in a subset of findings that are included in this insight. |
AwsSecurityFindingIdentifier | Identifies a finding to update using |
AwsSnsTopicDetails | A wrapper type for the topic's Amazon Resource Name (ARN). |
AwsSnsTopicSubscription | A wrapper type for the attributes of an Amazon SNS subscription. |
AwsSqsQueueDetails | Data about a queue. |
AwsWafWebAclDetails | Details about a WAF WebACL. |
AwsWafWebAclRule | Details for a rule in a WAF WebACL. |
BatchDisableStandardsRequest | |
BatchDisableStandardsResponse | |
BatchEnableStandardsRequest | |
BatchEnableStandardsResponse | |
BatchImportFindingsRequest | |
BatchImportFindingsResponse | |
BatchUpdateFindingsRequest | |
BatchUpdateFindingsResponse | |
BatchUpdateFindingsUnprocessedFinding | A finding from a |
CidrBlockAssociation | An IPv4 CIDR block association. |
Compliance | Contains finding details that are specific to control-based findings. Only returned for findings generated from controls. |
ContainerDetails | Container details related to a finding. |
CreateActionTargetRequest | |
CreateActionTargetResponse | |
CreateInsightRequest | |
CreateInsightResponse | |
CreateMembersRequest | |
CreateMembersResponse | |
Cvss | CVSS scores from the advisory related to the vulnerability. |
DateFilter | A date filter for querying findings. |
DateRange | A date range for the date filter. |
DeclineInvitationsRequest | |
DeclineInvitationsResponse | |
DeleteActionTargetRequest | |
DeleteActionTargetResponse | |
DeleteInsightRequest | |
DeleteInsightResponse | |
DeleteInvitationsRequest | |
DeleteInvitationsResponse | |
DeleteMembersRequest | |
DeleteMembersResponse | |
DescribeActionTargetsRequest | |
DescribeActionTargetsResponse | |
DescribeHubRequest | |
DescribeHubResponse | |
DescribeProductsRequest | |
DescribeProductsResponse | |
DescribeStandardsControlsRequest | |
DescribeStandardsControlsResponse | |
DescribeStandardsRequest | |
DescribeStandardsResponse | |
DisableImportFindingsForProductRequest | |
DisableImportFindingsForProductResponse | |
DisableSecurityHubRequest | |
DisableSecurityHubResponse | |
DisassociateFromMasterAccountRequest | |
DisassociateFromMasterAccountResponse | |
DisassociateMembersRequest | |
DisassociateMembersResponse | |
EnableImportFindingsForProductRequest | |
EnableImportFindingsForProductResponse | |
EnableSecurityHubRequest | |
EnableSecurityHubResponse | |
GetEnabledStandardsRequest | |
GetEnabledStandardsResponse | |
GetFindingsRequest | |
GetFindingsResponse | |
GetInsightResultsRequest | |
GetInsightResultsResponse | |
GetInsightsRequest | |
GetInsightsResponse | |
GetInvitationsCountRequest | |
GetInvitationsCountResponse | |
GetMasterAccountRequest | |
GetMasterAccountResponse | |
GetMembersRequest | |
GetMembersResponse | |
ImportFindingsError | The list of the findings that cannot be imported. For each finding, the list provides the error. |
Insight | Contains information about a Security Hub insight. |
InsightResultValue | The insight result values returned by the |
InsightResults | The insight results returned by the |
Invitation | Details about an invitation. |
InviteMembersRequest | |
InviteMembersResponse | |
IpFilter | The IP filter for querying findings. |
Ipv6CidrBlockAssociation | An IPV6 CIDR block association. |
KeywordFilter | A keyword filter for querying findings. |
ListEnabledProductsForImportRequest | |
ListEnabledProductsForImportResponse | |
ListInvitationsRequest | |
ListInvitationsResponse | |
ListMembersRequest | |
ListMembersResponse | |
ListTagsForResourceRequest | |
ListTagsForResourceResponse | |
LoadBalancerState | Information about the state of the load balancer. |
Malware | A list of malware related to a finding. |
MapFilter | The map filter for querying findings. |
Member | The details about a member account. |
Network | The details of network-related information about a finding. |
NetworkHeader | Details about a network path component that occurs before or after the current component. |
NetworkPathComponent | Information about a network path component. |
NetworkPathComponentDetails | Information about the destination of the next component in the network path. |
Note | A user-defined note added to a finding. |
NoteUpdate | The updated note. |
NumberFilter | A number filter for querying findings. |
PortRange | A range of ports. |
ProcessDetails | The details of process-related information about a finding. |
Product | Contains details about a product. |
Recommendation | A recommendation on how to remediate the issue identified in a finding. |
RelatedFinding | Details about a related finding. |
Remediation | Details about the remediation steps for a finding. |
Resource | A resource related to a finding. |
ResourceDetails | Additional details about a resource related to a finding. To provide the details, use the object that corresponds to the resource type. For example, if the resource type is If the type-specific object does not contain all of the fields you want to populate, then you use the You also use the |
SecurityHubClient | A client for the AWS SecurityHub API. |
SecurityHubResult | Details about the account that was not processed. |
Severity | The severity of the finding. |
SeverityUpdate | Updates to the severity information for a finding. |
SoftwarePackage | Information about a software package. |
SortCriterion | A collection of finding attributes used to sort findings. |
Standard | Provides information about a specific standard. |
StandardsControl | Details for an individual security standard control. |
StandardsSubscription | A resource that represents your subscription to a supported standard. |
StandardsSubscriptionRequest | The standard that you want to enable. |
StatusReason | Provides additional context for the value of |
StringFilter | A string filter for querying findings. |
TagResourceRequest | |
TagResourceResponse | |
ThreatIntelIndicator | Details about the threat intelligence related to a finding. |
UntagResourceRequest | |
UntagResourceResponse | |
UpdateActionTargetRequest | |
UpdateActionTargetResponse | |
UpdateFindingsRequest | |
UpdateFindingsResponse | |
UpdateInsightRequest | |
UpdateInsightResponse | |
UpdateStandardsControlRequest | |
UpdateStandardsControlResponse | |
Vulnerability | A vulnerability associated with a finding. |
VulnerabilityVendor | A vendor that generates a vulnerability report. |
WafAction | Details about the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. |
WafExcludedRule | Details about a rule to exclude from a rule group. |
WafOverrideAction | Details about an override action for a rule. |
Workflow | Provides information about the status of the investigation into a finding. |
WorkflowUpdate | Used to update information about the investigation into the finding. |
Enums
AcceptInvitationError | Errors returned by AcceptInvitation |
BatchDisableStandardsError | Errors returned by BatchDisableStandards |
BatchEnableStandardsError | Errors returned by BatchEnableStandards |
BatchImportFindingsError | Errors returned by BatchImportFindings |
BatchUpdateFindingsError | Errors returned by BatchUpdateFindings |
CreateActionTargetError | Errors returned by CreateActionTarget |
CreateInsightError | Errors returned by CreateInsight |
CreateMembersError | Errors returned by CreateMembers |
DeclineInvitationsError | Errors returned by DeclineInvitations |
DeleteActionTargetError | Errors returned by DeleteActionTarget |
DeleteInsightError | Errors returned by DeleteInsight |
DeleteInvitationsError | Errors returned by DeleteInvitations |
DeleteMembersError | Errors returned by DeleteMembers |
DescribeActionTargetsError | Errors returned by DescribeActionTargets |
DescribeHubError | Errors returned by DescribeHub |
DescribeProductsError | Errors returned by DescribeProducts |
DescribeStandardsControlsError | Errors returned by DescribeStandardsControls |
DescribeStandardsError | Errors returned by DescribeStandards |
DisableImportFindingsForProductError | Errors returned by DisableImportFindingsForProduct |
DisableSecurityHubError | Errors returned by DisableSecurityHub |
DisassociateFromMasterAccountError | Errors returned by DisassociateFromMasterAccount |
DisassociateMembersError | Errors returned by DisassociateMembers |
EnableImportFindingsForProductError | Errors returned by EnableImportFindingsForProduct |
EnableSecurityHubError | Errors returned by EnableSecurityHub |
GetEnabledStandardsError | Errors returned by GetEnabledStandards |
GetFindingsError | Errors returned by GetFindings |
GetInsightResultsError | Errors returned by GetInsightResults |
GetInsightsError | Errors returned by GetInsights |
GetInvitationsCountError | Errors returned by GetInvitationsCount |
GetMasterAccountError | Errors returned by GetMasterAccount |
GetMembersError | Errors returned by GetMembers |
InviteMembersError | Errors returned by InviteMembers |
ListEnabledProductsForImportError | Errors returned by ListEnabledProductsForImport |
ListInvitationsError | Errors returned by ListInvitations |
ListMembersError | Errors returned by ListMembers |
ListTagsForResourceError | Errors returned by ListTagsForResource |
TagResourceError | Errors returned by TagResource |
UntagResourceError | Errors returned by UntagResource |
UpdateActionTargetError | Errors returned by UpdateActionTarget |
UpdateFindingsError | Errors returned by UpdateFindings |
UpdateInsightError | Errors returned by UpdateInsight |
UpdateStandardsControlError | Errors returned by UpdateStandardsControl |
Traits
SecurityHub | Trait representing the capabilities of the AWS SecurityHub API. AWS SecurityHub clients implement this trait. |