| Class | Description |
|---|---|
| AcceptInvitationRequest | |
| AcceptInvitationResult | |
| AccountDetails |
The details of an AWS account.
|
| ActionTarget |
An
ActionTarget object. |
| AdminAccount |
Represents a Security Hub administrator account designated by an organization management account.
|
| AvailabilityZone |
Information about an Availability Zone.
|
| AwsApiGatewayAccessLogSettings |
Contains information about settings for logging access for the stage.
|
| AwsApiGatewayCanarySettings |
Contains information about settings for canary deployment in the stage.
|
| AwsApiGatewayEndpointConfiguration |
Contains information about the endpoints for the API.
|
| AwsApiGatewayMethodSettings |
Defines settings for a method for the stage.
|
| AwsApiGatewayRestApiDetails |
contains information about a REST API in version 1 of Amazon API Gateway.
|
| AwsApiGatewayStageDetails |
Provides information about a version 1 Amazon API Gateway stage.
|
| AwsApiGatewayV2ApiDetails |
Contains information about a version 2 API in Amazon API Gateway.
|
| AwsApiGatewayV2RouteSettings |
Contains route settings for a stage.
|
| AwsApiGatewayV2StageDetails |
Contains information about a version 2 stage for Amazon API Gateway.
|
| AwsAutoScalingAutoScalingGroupDetails |
Provides details about an auto scaling group.
|
| AwsCertificateManagerCertificateDetails |
Provides details about an AWS Certificate Manager certificate.
|
| AwsCertificateManagerCertificateDomainValidationOption |
Contains information about one of the following:
|
| AwsCertificateManagerCertificateExtendedKeyUsage |
Contains information about an extended key usage X.509 v3 extension object.
|
| AwsCertificateManagerCertificateKeyUsage |
Contains information about a key usage X.509 v3 extension object.
|
| AwsCertificateManagerCertificateOptions |
Contains other options for the certificate.
|
| AwsCertificateManagerCertificateRenewalSummary |
Contains information about the AWS Certificate Manager managed renewal for an
AMAZON_ISSUED certificate. |
| AwsCertificateManagerCertificateResourceRecord |
Provides details about the CNAME record that is added to the DNS database for domain validation.
|
| AwsCloudFrontDistributionCacheBehavior |
Information about a cache behavior for the distribution.
|
| AwsCloudFrontDistributionCacheBehaviors |
Provides information about caching for the distribution.
|
| AwsCloudFrontDistributionDefaultCacheBehavior |
Contains information about the default cache configuration for the distribution.
|
| AwsCloudFrontDistributionDetails |
A distribution configuration.
|
| AwsCloudFrontDistributionLogging |
A complex type that controls whether access logs are written for the distribution.
|
| AwsCloudFrontDistributionOriginGroup |
Information about an origin group for the distribution.
|
| AwsCloudFrontDistributionOriginGroupFailover |
Provides information about when an origin group fails over.
|
| AwsCloudFrontDistributionOriginGroupFailoverStatusCodes |
The status codes that cause an origin group to fail over.
|
| AwsCloudFrontDistributionOriginGroups |
Provides information about origin groups that are associated with the distribution.
|
| AwsCloudFrontDistributionOriginItem |
A complex type that describes the Amazon S3 bucket, HTTP server (for example, a web server), Amazon Elemental
MediaStore, or other server from which CloudFront gets your files.
|
| AwsCloudFrontDistributionOrigins |
A complex type that contains information about origins and origin groups for this distribution.
|
| AwsCloudFrontDistributionOriginS3OriginConfig |
Information about an origin that is an S3 bucket that is not configured with static website hosting.
|
| AwsCloudTrailTrailDetails |
Provides details about a CloudTrail trail.
|
| AwsCodeBuildProjectDetails |
Information about an AWS CodeBuild project.
|
| AwsCodeBuildProjectEnvironment |
Information about the build environment for this build project.
|
| AwsCodeBuildProjectEnvironmentRegistryCredential |
The credentials for access to a private registry.
|
| AwsCodeBuildProjectSource |
Information about the build input source code for this build project.
|
| AwsCodeBuildProjectVpcConfig |
Information about the VPC configuration that AWS CodeBuild accesses.
|
| AwsCorsConfiguration |
Contains the cross-origin resource sharing (CORS) configuration for the API.
|
| AwsDynamoDbTableAttributeDefinition |
Contains a definition of an attribute for the table.
|
| AwsDynamoDbTableBillingModeSummary |
Provides information about the billing for read/write capacity on the table.
|
| AwsDynamoDbTableDetails |
Provides details about a DynamoDB table.
|
| AwsDynamoDbTableGlobalSecondaryIndex |
Information abut a global secondary index for the table.
|
| AwsDynamoDbTableKeySchema |
A component of the key schema for the DynamoDB table, a global secondary index, or a local secondary index.
|
| AwsDynamoDbTableLocalSecondaryIndex |
Information about a local secondary index for a DynamoDB table.
|
| AwsDynamoDbTableProjection |
For global and local secondary indexes, identifies the attributes that are copied from the table into the index.
|
| AwsDynamoDbTableProvisionedThroughput |
Information about the provisioned throughput for the table or for a global secondary index.
|
| AwsDynamoDbTableProvisionedThroughputOverride |
Replica-specific configuration for the provisioned throughput.
|
| AwsDynamoDbTableReplica |
Information about a replica of a DynamoDB table.
|
| AwsDynamoDbTableReplicaGlobalSecondaryIndex |
Information about a global secondary index for a DynamoDB table replica.
|
| AwsDynamoDbTableRestoreSummary |
Information about the restore for the table.
|
| AwsDynamoDbTableSseDescription |
Information about the server-side encryption for the table.
|
| AwsDynamoDbTableStreamSpecification |
The current DynamoDB Streams configuration for the table.
|
| AwsEc2EipDetails |
Information about an Elastic IP address.
|
| AwsEc2InstanceDetails |
The details of an Amazon EC2 instance.
|
| AwsEc2NetworkInterfaceAttachment |
Information about the network interface attachment.
|
| AwsEc2NetworkInterfaceDetails |
Details about the network interface
|
| AwsEc2NetworkInterfaceSecurityGroup |
A security group associated with the network interface.
|
| AwsEc2SecurityGroupDetails |
Details about an EC2 security group.
|
| AwsEc2SecurityGroupIpPermission |
An IP permission for an EC2 security group.
|
| AwsEc2SecurityGroupIpRange |
A range of IPv4 addresses.
|
| AwsEc2SecurityGroupIpv6Range |
A range of IPv6 addresses.
|
| AwsEc2SecurityGroupPrefixListId |
A prefix list ID.
|
| AwsEc2SecurityGroupUserIdGroupPair |
A relationship between a security group and a user.
|
| AwsEc2VolumeAttachment |
An attachment to an AWS EC2 volume.
|
| AwsEc2VolumeDetails |
Details about an EC2 volume.
|
| AwsEc2VpcDetails |
Details about an EC2 VPC.
|
| AwsElasticsearchDomainDetails |
Information about an Elasticsearch domain.
|
| AwsElasticsearchDomainDomainEndpointOptions |
Additional options for the domain endpoint, such as whether to require HTTPS for all traffic.
|
| AwsElasticsearchDomainEncryptionAtRestOptions |
Details about the configuration for encryption at rest.
|
| AwsElasticsearchDomainNodeToNodeEncryptionOptions |
Details about the configuration for node-to-node encryption.
|
| AwsElasticsearchDomainVPCOptions |
Information that Amazon ES derives based on
VPCOptions for the domain. |
| AwsElbAppCookieStickinessPolicy |
Contains information about a stickiness policy that was created using
CreateAppCookieStickinessPolicy. |
| AwsElbLbCookieStickinessPolicy |
Contains information about a stickiness policy that was created using
CreateLBCookieStickinessPolicy. |
| AwsElbLoadBalancerAccessLog |
Contains information about the access log configuration for the load balancer.
|
| AwsElbLoadBalancerAttributes |
Contains attributes for the load balancer.
|
| AwsElbLoadBalancerBackendServerDescription |
Provides information about the configuration of an EC2 instance for the load balancer.
|
| AwsElbLoadBalancerConnectionDraining |
Contains information about the connection draining configuration for the load balancer.
|
| AwsElbLoadBalancerConnectionSettings |
Contains connection settings for the load balancer.
|
| AwsElbLoadBalancerCrossZoneLoadBalancing |
Contains cross-zone load balancing settings for the load balancer.
|
| AwsElbLoadBalancerDetails |
Contains details about a Classic Load Balancer.
|
| AwsElbLoadBalancerHealthCheck |
Contains information about the health checks that are conducted on the load balancer.
|
| AwsElbLoadBalancerInstance |
Provides information about an EC2 instance for a load balancer.
|
| AwsElbLoadBalancerListener |
Information about a load balancer listener.
|
| AwsElbLoadBalancerListenerDescription |
Lists the policies that are enabled for a load balancer listener.
|
| AwsElbLoadBalancerPolicies |
Contains information about the policies for a load balancer.
|
| AwsElbLoadBalancerSourceSecurityGroup |
Contains information about the security group for the load balancer.
|
| AwsElbv2LoadBalancerDetails |
Information about a load balancer.
|
| AwsIamAccessKeyDetails |
IAM access key details related to a finding.
|
| AwsIamAccessKeySessionContext |
Provides information about the session that the key was used for.
|
| AwsIamAccessKeySessionContextAttributes |
Attributes of the session that the key was used for.
|
| AwsIamAccessKeySessionContextSessionIssuer |
Information about the entity that created the session.
|
| AwsIamAttachedManagedPolicy |
A managed policy that is attached to an IAM principal.
|
| AwsIamGroupDetails |
Contains details about an IAM group.
|
| AwsIamGroupPolicy |
A managed policy that is attached to the IAM group.
|
| AwsIamInstanceProfile |
Information about an instance profile.
|
| AwsIamInstanceProfileRole |
Information about a role associated with an instance profile.
|
| AwsIamPermissionsBoundary |
Information about the policy used to set the permissions boundary for an IAM principal.
|
| AwsIamPolicyDetails |
Represents an IAM permissions policy.
|
| AwsIamPolicyVersion |
A version of an IAM policy.
|
| AwsIamRoleDetails |
Contains information about an IAM role, including all of the role's policies.
|
| AwsIamRolePolicy |
An inline policy that is embedded in the role.
|
| AwsIamUserDetails |
Information about an IAM user.
|
| AwsIamUserPolicy |
Information about an inline policy that is embedded in the user.
|
| AwsKmsKeyDetails |
Contains metadata about a customer master key (CMK).
|
| AwsLambdaFunctionCode |
The code for the Lambda function.
|
| AwsLambdaFunctionDeadLetterConfig |
The dead-letter queue for failed asynchronous invocations.
|
| AwsLambdaFunctionDetails |
Details about a function's configuration.
|
| AwsLambdaFunctionEnvironment |
A function's environment variable settings.
|
| AwsLambdaFunctionEnvironmentError |
Error messages for environment variables that couldn't be applied.
|
| AwsLambdaFunctionLayer |
An AWS Lambda layer.
|
| AwsLambdaFunctionTracingConfig |
The function's AWS X-Ray tracing configuration.
|
| AwsLambdaFunctionVpcConfig |
The VPC security groups and subnets that are attached to a Lambda function.
|
| AwsLambdaLayerVersionDetails |
Details about a Lambda layer version.
|
| AwsRdsDbClusterAssociatedRole |
An IAM role that is associated with the Amazon RDS DB cluster.
|
| AwsRdsDbClusterDetails |
Information about an Amazon RDS DB cluster.
|
| AwsRdsDbClusterMember |
Information about an instance in the DB cluster.
|
| AwsRdsDbClusterOptionGroupMembership |
Information about an option group membership for a DB cluster.
|
| AwsRdsDbClusterSnapshotDetails |
Information about an Amazon RDS DB cluster snapshot.
|
| AwsRdsDbDomainMembership |
Information about an Active Directory domain membership record associated with the DB instance.
|
| AwsRdsDbInstanceAssociatedRole |
An AWS Identity and Access Management (IAM) role associated with the DB instance.
|
| AwsRdsDbInstanceDetails |
Contains the details of an Amazon RDS DB instance.
|
| AwsRdsDbInstanceEndpoint |
Specifies the connection endpoint.
|
| AwsRdsDbInstanceVpcSecurityGroup |
A VPC security groups that the DB instance belongs to.
|
| AwsRdsDbOptionGroupMembership |
|
| AwsRdsDbParameterGroup |
|
| AwsRdsDbPendingModifiedValues |
|
| AwsRdsDbProcessorFeature |
|
| AwsRdsDbSnapshotDetails |
|
| AwsRdsDbStatusInfo |
Information about the status of a read replica.
|
| AwsRdsDbSubnetGroup |
Information about the subnet group for the database instance.
|
| AwsRdsDbSubnetGroupSubnet |
Information about a subnet in a subnet group.
|
| AwsRdsDbSubnetGroupSubnetAvailabilityZone |
An Availability Zone for a subnet in a subnet group.
|
| AwsRdsPendingCloudWatchLogsExports |
Identifies the log types to enable and disable.
|
| AwsRedshiftClusterClusterNode |
A node in an Amazon Redshift cluster.
|
| AwsRedshiftClusterClusterParameterGroup |
A cluster parameter group that is associated with an Amazon Redshift cluster.
|
| AwsRedshiftClusterClusterParameterStatus |
The status of a parameter in a cluster parameter group for an Amazon Redshift cluster.
|
| AwsRedshiftClusterClusterSecurityGroup |
A security group that is associated with the cluster.
|
| AwsRedshiftClusterClusterSnapshotCopyStatus |
Information about a cross-Region snapshot copy.
|
| AwsRedshiftClusterDeferredMaintenanceWindow |
A time windows during which maintenance was deferred for an Amazon Redshift cluster.
|
| AwsRedshiftClusterDetails |
Details about an Amazon Redshift cluster.
|
| AwsRedshiftClusterElasticIpStatus |
The status of the elastic IP (EIP) address for an Amazon Redshift cluster.
|
| AwsRedshiftClusterEndpoint |
The connection endpoint for an Amazon Redshift cluster.
|
| AwsRedshiftClusterHsmStatus |
Information about whether an Amazon Redshift cluster finished applying any hardware changes to security module (HSM)
settings that were specified in a modify cluster command.
|
| AwsRedshiftClusterIamRole |
An IAM role that the cluster can use to access other AWS services.
|
| AwsRedshiftClusterPendingModifiedValues |
Changes to the Amazon Redshift cluster that are currently pending.
|
| AwsRedshiftClusterResizeInfo |
Information about the resize operation for the cluster.
|
| AwsRedshiftClusterRestoreStatus |
Information about the status of a cluster restore action.
|
| AwsRedshiftClusterVpcSecurityGroup |
A VPC security group that the cluster belongs to, if the cluster is in a VPC.
|
| AwsS3BucketDetails |
The details of an Amazon S3 bucket.
|
| AwsS3BucketServerSideEncryptionByDefault |
Specifies the default server-side encryption to apply to new objects in the bucket.
|
| AwsS3BucketServerSideEncryptionConfiguration |
The encryption configuration for the S3 bucket.
|
| AwsS3BucketServerSideEncryptionRule |
An encryption rule to apply to the S3 bucket.
|
| AwsS3ObjectDetails |
Details about an Amazon S3 object.
|
| AwsSecretsManagerSecretDetails |
Details about an AWS Secrets Manager secret.
|
| AwsSecretsManagerSecretRotationRules |
Defines the rotation schedule for the secret.
|
| AwsSecurityFinding |
Provides consistent format for the contents of the Security Hub-aggregated findings.
|
| AwsSecurityFindingFilters |
A collection of attributes that are applied to all active Security Hub-aggregated findings and that result in a
subset of findings that are included in this insight.
|
| AwsSecurityFindingIdentifier |
Identifies a finding to update using
BatchUpdateFindings. |
| AwsSnsTopicDetails |
A wrapper type for the topic's Amazon Resource Name (ARN).
|
| AwsSnsTopicSubscription |
A wrapper type for the attributes of an Amazon SNS subscription.
|
| AwsSqsQueueDetails |
Data about a queue.
|
| AwsWafWebAclDetails |
Details about a WAF WebACL.
|
| AwsWafWebAclRule |
Details for a rule in a WAF WebACL.
|
| BatchDisableStandardsRequest | |
| BatchDisableStandardsResult | |
| BatchEnableStandardsRequest | |
| BatchEnableStandardsResult | |
| BatchImportFindingsRequest | |
| BatchImportFindingsResult | |
| BatchUpdateFindingsRequest | |
| BatchUpdateFindingsResult | |
| BatchUpdateFindingsUnprocessedFinding |
A finding from a
BatchUpdateFindings request that Security Hub was unable to update. |
| CidrBlockAssociation |
An IPv4 CIDR block association.
|
| Compliance |
Contains finding details that are specific to control-based findings.
|
| ContainerDetails |
Container details related to a finding.
|
| CreateActionTargetRequest | |
| CreateActionTargetResult | |
| CreateInsightRequest | |
| CreateInsightResult | |
| CreateMembersRequest | |
| CreateMembersResult | |
| Cvss |
CVSS scores from the advisory related to the vulnerability.
|
| DateFilter |
A date filter for querying findings.
|
| DateRange |
A date range for the date filter.
|
| DeclineInvitationsRequest | |
| DeclineInvitationsResult | |
| DeleteActionTargetRequest | |
| DeleteActionTargetResult | |
| DeleteInsightRequest | |
| DeleteInsightResult | |
| DeleteInvitationsRequest | |
| DeleteInvitationsResult | |
| DeleteMembersRequest | |
| DeleteMembersResult | |
| DescribeActionTargetsRequest | |
| DescribeActionTargetsResult | |
| DescribeHubRequest | |
| DescribeHubResult | |
| DescribeOrganizationConfigurationRequest | |
| DescribeOrganizationConfigurationResult | |
| DescribeProductsRequest | |
| DescribeProductsResult | |
| DescribeStandardsControlsRequest | |
| DescribeStandardsControlsResult | |
| DescribeStandardsRequest | |
| DescribeStandardsResult | |
| DisableImportFindingsForProductRequest | |
| DisableImportFindingsForProductResult | |
| DisableOrganizationAdminAccountRequest | |
| DisableOrganizationAdminAccountResult | |
| DisableSecurityHubRequest | |
| DisableSecurityHubResult | |
| DisassociateFromMasterAccountRequest | |
| DisassociateFromMasterAccountResult | |
| DisassociateMembersRequest | |
| DisassociateMembersResult | |
| EnableImportFindingsForProductRequest | |
| EnableImportFindingsForProductResult | |
| EnableOrganizationAdminAccountRequest | |
| EnableOrganizationAdminAccountResult | |
| EnableSecurityHubRequest | |
| EnableSecurityHubResult | |
| GetEnabledStandardsRequest | |
| GetEnabledStandardsResult | |
| GetFindingsRequest | |
| GetFindingsResult | |
| GetInsightResultsRequest | |
| GetInsightResultsResult | |
| GetInsightsRequest | |
| GetInsightsResult | |
| GetInvitationsCountRequest | |
| GetInvitationsCountResult | |
| GetMasterAccountRequest | |
| GetMasterAccountResult | |
| GetMembersRequest | |
| GetMembersResult | |
| ImportFindingsError |
The list of the findings that cannot be imported.
|
| Insight |
Contains information about a Security Hub insight.
|
| InsightResults |
The insight results returned by the
GetInsightResults operation. |
| InsightResultValue |
The insight result values returned by the
GetInsightResults operation. |
| Invitation |
Details about an invitation.
|
| InviteMembersRequest | |
| InviteMembersResult | |
| IpFilter |
The IP filter for querying findings.
|
| Ipv6CidrBlockAssociation |
An IPV6 CIDR block association.
|
| KeywordFilter |
A keyword filter for querying findings.
|
| ListEnabledProductsForImportRequest | |
| ListEnabledProductsForImportResult | |
| ListInvitationsRequest | |
| ListInvitationsResult | |
| ListMembersRequest | |
| ListMembersResult | |
| ListOrganizationAdminAccountsRequest | |
| ListOrganizationAdminAccountsResult | |
| ListTagsForResourceRequest | |
| ListTagsForResourceResult | |
| LoadBalancerState |
Information about the state of the load balancer.
|
| Malware |
A list of malware related to a finding.
|
| MapFilter |
A map filter for querying findings.
|
| Member |
The details about a member account.
|
| Network |
The details of network-related information about a finding.
|
| NetworkHeader |
Details about a network path component that occurs before or after the current component.
|
| NetworkPathComponent |
Information about a network path component.
|
| NetworkPathComponentDetails |
Information about the destination of the next component in the network path.
|
| Note |
A user-defined note added to a finding.
|
| NoteUpdate |
The updated note.
|
| NumberFilter |
A number filter for querying findings.
|
| PatchSummary |
Provides an overview of the patch compliance status for an instance against a selected compliance standard.
|
| PortRange |
A range of ports.
|
| ProcessDetails |
The details of process-related information about a finding.
|
| Product |
Contains details about a product.
|
| Recommendation |
A recommendation on how to remediate the issue identified in a finding.
|
| RelatedFinding |
Details about a related finding.
|
| Remediation |
Details about the remediation steps for a finding.
|
| Resource |
A resource related to a finding.
|
| ResourceDetails |
Additional details about a resource related to a finding.
|
| Result |
Details about the account that was not processed.
|
| Severity |
The severity of the finding.
|
| SeverityUpdate |
Updates to the severity information for a finding.
|
| SoftwarePackage |
Information about a software package.
|
| SortCriterion |
A collection of finding attributes used to sort findings.
|
| Standard |
Provides information about a specific standard.
|
| StandardsControl |
Details for an individual security standard control.
|
| StandardsSubscription |
A resource that represents your subscription to a supported standard.
|
| StandardsSubscriptionRequest |
The standard that you want to enable.
|
| StatusReason |
Provides additional context for the value of
Compliance.Status. |
| StringFilter |
A string filter for querying findings.
|
| TagResourceRequest | |
| TagResourceResult | |
| ThreatIntelIndicator |
Details about the threat intelligence related to a finding.
|
| UntagResourceRequest | |
| UntagResourceResult | |
| UpdateActionTargetRequest | |
| UpdateActionTargetResult | |
| UpdateFindingsRequest | |
| UpdateFindingsResult | |
| UpdateInsightRequest | |
| UpdateInsightResult | |
| UpdateOrganizationConfigurationRequest | |
| UpdateOrganizationConfigurationResult | |
| UpdateSecurityHubConfigurationRequest | |
| UpdateSecurityHubConfigurationResult | |
| UpdateStandardsControlRequest | |
| UpdateStandardsControlResult | |
| Vulnerability |
A vulnerability associated with a finding.
|
| VulnerabilityVendor |
A vendor that generates a vulnerability report.
|
| WafAction |
Details about the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule.
|
| WafExcludedRule |
Details about a rule to exclude from a rule group.
|
| WafOverrideAction |
Details about an override action for a rule.
|
| Workflow |
Provides information about the status of the investigation into a finding.
|
| WorkflowUpdate |
Used to update information about the investigation into the finding.
|
| Exception | Description |
|---|---|
| AccessDeniedException |
You don't have permission to perform the action specified in the request.
|
| AWSSecurityHubException |
Base exception for all service exceptions thrown by AWS SecurityHub
|
| InternalException |
Internal server error.
|
| InvalidAccessException |
There is an issue with the account used to make the request.
|
| InvalidInputException |
The request was rejected because you supplied an invalid or out-of-range value for an input parameter.
|
| LimitExceededException |
The request was rejected because it attempted to create resources beyond the current AWS account or throttling
limits.
|
| ResourceConflictException |
The resource specified in the request conflicts with an existing resource.
|
| ResourceNotFoundException |
The request was rejected because we can't find the specified resource.
|