feat(client-securityhub): Adds and updates APIs to support customizable security controls. This feature allows Security Hub customers to provide custom parameters for security controls. With this release, findings for controls that support custom parameters will include the parameters used to generate the findings.

Author: awstools

clients/client-securityhub/README.md

@@ -633,6 +633,14 @@ GetMembers
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/securityhub/command/GetMembersCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-securityhub/Interface/GetMembersCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-securityhub/Interface/GetMembersCommandOutput/)
 
+</details>
+<details>
+<summary>
+GetSecurityControlDefinition
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/securityhub/command/GetSecurityControlDefinitionCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-securityhub/Interface/GetSecurityControlDefinitionCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-securityhub/Interface/GetSecurityControlDefinitionCommandOutput/)
+
 </details>
 <details>
 <summary>
@@ -769,6 +777,14 @@ UpdateOrganizationConfiguration
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/securityhub/command/UpdateOrganizationConfigurationCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-securityhub/Interface/UpdateOrganizationConfigurationCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-securityhub/Interface/UpdateOrganizationConfigurationCommandOutput/)
 
+</details>
+<details>
+<summary>
+UpdateSecurityControl
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/securityhub/command/UpdateSecurityControlCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-securityhub/Interface/UpdateSecurityControlCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-securityhub/Interface/UpdateSecurityControlCommandOutput/)
+
 </details>
 <details>
 <summary>

clients/client-securityhub/src/SecurityHub.ts

@@ -226,6 +226,11 @@ import {
   GetMasterAccountCommandOutput,
 } from "./commands/GetMasterAccountCommand";
 import { GetMembersCommand, GetMembersCommandInput, GetMembersCommandOutput } from "./commands/GetMembersCommand";
+import {
+  GetSecurityControlDefinitionCommand,
+  GetSecurityControlDefinitionCommandInput,
+  GetSecurityControlDefinitionCommandOutput,
+} from "./commands/GetSecurityControlDefinitionCommand";
 import {
   InviteMembersCommand,
   InviteMembersCommandInput,
@@ -303,6 +308,11 @@ import {
   UpdateOrganizationConfigurationCommandInput,
   UpdateOrganizationConfigurationCommandOutput,
 } from "./commands/UpdateOrganizationConfigurationCommand";
+import {
+  UpdateSecurityControlCommand,
+  UpdateSecurityControlCommandInput,
+  UpdateSecurityControlCommandOutput,
+} from "./commands/UpdateSecurityControlCommand";
 import {
   UpdateSecurityHubConfigurationCommand,
   UpdateSecurityHubConfigurationCommandInput,
@@ -364,6 +374,7 @@ const commands = {
   GetInvitationsCountCommand,
   GetMasterAccountCommand,
   GetMembersCommand,
+  GetSecurityControlDefinitionCommand,
   InviteMembersCommand,
   ListAutomationRulesCommand,
   ListEnabledProductsForImportCommand,
@@ -381,6 +392,7 @@ const commands = {
   UpdateFindingsCommand,
   UpdateInsightCommand,
   UpdateOrganizationConfigurationCommand,
+  UpdateSecurityControlCommand,
   UpdateSecurityHubConfigurationCommand,
   UpdateStandardsControlCommand,
 };
@@ -1154,6 +1166,23 @@ export interface SecurityHub {
     cb: (err: any, data?: GetMembersCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link GetSecurityControlDefinitionCommand}
+   */
+  getSecurityControlDefinition(
+    args: GetSecurityControlDefinitionCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<GetSecurityControlDefinitionCommandOutput>;
+  getSecurityControlDefinition(
+    args: GetSecurityControlDefinitionCommandInput,
+    cb: (err: any, data?: GetSecurityControlDefinitionCommandOutput) => void
+  ): void;
+  getSecurityControlDefinition(
+    args: GetSecurityControlDefinitionCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: GetSecurityControlDefinitionCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link InviteMembersCommand}
    */
@@ -1407,6 +1436,23 @@ export interface SecurityHub {
     cb: (err: any, data?: UpdateOrganizationConfigurationCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link UpdateSecurityControlCommand}
+   */
+  updateSecurityControl(
+    args: UpdateSecurityControlCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<UpdateSecurityControlCommandOutput>;
+  updateSecurityControl(
+    args: UpdateSecurityControlCommandInput,
+    cb: (err: any, data?: UpdateSecurityControlCommandOutput) => void
+  ): void;
+  updateSecurityControl(
+    args: UpdateSecurityControlCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: UpdateSecurityControlCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link UpdateSecurityHubConfigurationCommand}
    */

clients/client-securityhub/src/SecurityHubClient.ts

@@ -182,6 +182,10 @@ import {
 } from "./commands/GetInvitationsCountCommand";
 import { GetMasterAccountCommandInput, GetMasterAccountCommandOutput } from "./commands/GetMasterAccountCommand";
 import { GetMembersCommandInput, GetMembersCommandOutput } from "./commands/GetMembersCommand";
+import {
+  GetSecurityControlDefinitionCommandInput,
+  GetSecurityControlDefinitionCommandOutput,
+} from "./commands/GetSecurityControlDefinitionCommand";
 import { InviteMembersCommandInput, InviteMembersCommandOutput } from "./commands/InviteMembersCommand";
 import {
   ListAutomationRulesCommandInput,
@@ -226,6 +230,10 @@ import {
   UpdateOrganizationConfigurationCommandInput,
   UpdateOrganizationConfigurationCommandOutput,
 } from "./commands/UpdateOrganizationConfigurationCommand";
+import {
+  UpdateSecurityControlCommandInput,
+  UpdateSecurityControlCommandOutput,
+} from "./commands/UpdateSecurityControlCommand";
 import {
   UpdateSecurityHubConfigurationCommandInput,
   UpdateSecurityHubConfigurationCommandOutput,
@@ -297,6 +305,7 @@ export type ServiceInputTypes =
   | GetInvitationsCountCommandInput
   | GetMasterAccountCommandInput
   | GetMembersCommandInput
+  | GetSecurityControlDefinitionCommandInput
   | InviteMembersCommandInput
   | ListAutomationRulesCommandInput
   | ListEnabledProductsForImportCommandInput
@@ -314,6 +323,7 @@ export type ServiceInputTypes =
   | UpdateFindingsCommandInput
   | UpdateInsightCommandInput
   | UpdateOrganizationConfigurationCommandInput
+  | UpdateSecurityControlCommandInput
   | UpdateSecurityHubConfigurationCommandInput
   | UpdateStandardsControlCommandInput;
 
@@ -369,6 +379,7 @@ export type ServiceOutputTypes =
   | GetInvitationsCountCommandOutput
   | GetMasterAccountCommandOutput
   | GetMembersCommandOutput
+  | GetSecurityControlDefinitionCommandOutput
   | InviteMembersCommandOutput
   | ListAutomationRulesCommandOutput
   | ListEnabledProductsForImportCommandOutput
@@ -386,6 +397,7 @@ export type ServiceOutputTypes =
   | UpdateFindingsCommandOutput
   | UpdateInsightCommandOutput
   | UpdateOrganizationConfigurationCommandOutput
+  | UpdateSecurityControlCommandOutput
   | UpdateSecurityHubConfigurationCommandOutput
   | UpdateStandardsControlCommandOutput;
 

clients/client-securityhub/src/commands/BatchGetAutomationRulesCommand.ts

@@ -138,13 +138,17 @@ export interface BatchGetAutomationRulesCommandOutput extends BatchGetAutomation
  * //           { // NumberFilter
  * //             Gte: Number("double"),
  * //             Lte: Number("double"),
+ * //             Gt: Number("double"),
+ * //             Lt: Number("double"),
  * //             Eq: Number("double"),
  * //           },
  * //         ],
  * //         Criticality: [
  * //           {
  * //             Gte: Number("double"),
  * //             Lte: Number("double"),
+ * //             Gt: Number("double"),
+ * //             Lt: Number("double"),
  * //             Eq: Number("double"),
  * //           },
  * //         ],

clients/client-securityhub/src/commands/BatchGetSecurityControlsCommand.ts

@@ -63,6 +63,29 @@ export interface BatchGetSecurityControlsCommandOutput extends BatchGetSecurityC
  * //       RemediationUrl: "STRING_VALUE", // required
  * //       SeverityRating: "LOW" || "MEDIUM" || "HIGH" || "CRITICAL", // required
  * //       SecurityControlStatus: "ENABLED" || "DISABLED", // required
+ * //       UpdateStatus: "READY" || "UPDATING",
+ * //       Parameters: { // Parameters
+ * //         "<keys>": { // ParameterConfiguration
+ * //           ValueType: "DEFAULT" || "CUSTOM", // required
+ * //           Value: { // ParameterValue Union: only one key present
+ * //             Integer: Number("int"),
+ * //             IntegerList: [ // IntegerList
+ * //               Number("int"),
+ * //             ],
+ * //             Double: Number("double"),
+ * //             String: "STRING_VALUE",
+ * //             StringList: [ // StringList
+ * //               "STRING_VALUE",
+ * //             ],
+ * //             Boolean: true || false,
+ * //             Enum: "STRING_VALUE",
+ * //             EnumList: [
+ * //               "STRING_VALUE",
+ * //             ],
+ * //           },
+ * //         },
+ * //       },
+ * //       LastUpdateReason: "STRING_VALUE",
  * //     },
  * //   ],
  * //   UnprocessedIds: [ // UnprocessedSecurityControls

clients/client-securityhub/src/commands/BatchImportFindingsCommand.ts

@@ -4005,6 +4005,14 @@ export interface BatchImportFindingsCommandOutput extends BatchImportFindingsRes
  *             StandardsId: "STRING_VALUE",
  *           },
  *         ],
+ *         SecurityControlParameters: [ // SecurityControlParametersList
+ *           { // SecurityControlParameter
+ *             Name: "STRING_VALUE",
+ *             Value: [
+ *               "STRING_VALUE",
+ *             ],
+ *           },
+ *         ],
  *       },
  *       VerificationState: "UNKNOWN" || "TRUE_POSITIVE" || "FALSE_POSITIVE" || "BENIGN_POSITIVE",
  *       WorkflowState: "NEW" || "ASSIGNED" || "IN_PROGRESS" || "DEFERRED" || "RESOLVED",
@@ -4069,9 +4077,7 @@ export interface BatchImportFindingsCommandOutput extends BatchImportFindingsRes
  *           ExploitAvailable: "YES" || "NO",
  *           CodeVulnerabilities: [ // VulnerabilityCodeVulnerabilitiesList
  *             { // VulnerabilityCodeVulnerabilities
- *               Cwes: [
- *                 "STRING_VALUE",
- *               ],
+ *               Cwes: "<TypeList>",
  *               FilePath: { // CodeVulnerabilitiesFilePath
  *                 EndLine: Number("int"),
  *                 FileName: "STRING_VALUE",

clients/client-securityhub/src/commands/BatchUpdateAutomationRulesCommand.ts

@@ -131,13 +131,17 @@ export interface BatchUpdateAutomationRulesCommandOutput extends BatchUpdateAuto
  *           { // NumberFilter
  *             Gte: Number("double"),
  *             Lte: Number("double"),
+ *             Gt: Number("double"),
+ *             Lt: Number("double"),
  *             Eq: Number("double"),
  *           },
  *         ],
  *         Criticality: [
  *           {
  *             Gte: Number("double"),
  *             Lte: Number("double"),
+ *             Gt: Number("double"),
+ *             Lt: Number("double"),
  *             Eq: Number("double"),
  *           },
  *         ],

clients/client-securityhub/src/commands/CreateAutomationRuleCommand.ts

@@ -130,13 +130,17 @@ export interface CreateAutomationRuleCommandOutput extends CreateAutomationRuleR
  *       { // NumberFilter
  *         Gte: Number("double"),
  *         Lte: Number("double"),
+ *         Gt: Number("double"),
+ *         Lt: Number("double"),
  *         Eq: Number("double"),
  *       },
  *     ],
  *     Criticality: [
  *       {
  *         Gte: Number("double"),
  *         Lte: Number("double"),
+ *         Gt: Number("double"),
+ *         Lt: Number("double"),
  *         Eq: Number("double"),
  *       },
  *     ],

clients/client-securityhub/src/commands/CreateInsightCommand.ts

@@ -125,13 +125,17 @@ export interface CreateInsightCommandOutput extends CreateInsightResponse, __Met
  *       { // NumberFilter
  *         Gte: Number("double"),
  *         Lte: Number("double"),
+ *         Gt: Number("double"),
+ *         Lt: Number("double"),
  *         Eq: Number("double"),
  *       },
  *     ],
  *     SeverityNormalized: [
  *       {
  *         Gte: Number("double"),
  *         Lte: Number("double"),
+ *         Gt: Number("double"),
+ *         Lt: Number("double"),
  *         Eq: Number("double"),
  *       },
  *     ],
@@ -140,13 +144,17 @@ export interface CreateInsightCommandOutput extends CreateInsightResponse, __Met
  *       {
  *         Gte: Number("double"),
  *         Lte: Number("double"),
+ *         Gt: Number("double"),
+ *         Lt: Number("double"),
  *         Eq: Number("double"),
  *       },
  *     ],
  *     Criticality: [
  *       {
  *         Gte: Number("double"),
  *         Lte: Number("double"),
+ *         Gt: Number("double"),
+ *         Lt: Number("double"),
  *         Eq: Number("double"),
  *       },
  *     ],
@@ -190,6 +198,8 @@ export interface CreateInsightCommandOutput extends CreateInsightResponse, __Met
  *       {
  *         Gte: Number("double"),
  *         Lte: Number("double"),
+ *         Gt: Number("double"),
+ *         Lt: Number("double"),
  *         Eq: Number("double"),
  *       },
  *     ],
@@ -299,6 +309,10 @@ export interface CreateInsightCommandOutput extends CreateInsightResponse, __Met
  *     ],
  *     ComplianceSecurityControlId: "<StringFilterList>",
  *     ComplianceAssociatedStandardsId: "<StringFilterList>",
+ *     VulnerabilitiesExploitAvailable: "<StringFilterList>",
+ *     VulnerabilitiesFixAvailable: "<StringFilterList>",
+ *     ComplianceSecurityControlParametersName: "<StringFilterList>",
+ *     ComplianceSecurityControlParametersValue: "<StringFilterList>",
  *   },
  *   GroupByAttribute: "STRING_VALUE", // required
  * };