Class: AWS.SecurityHub
- Inherits:
-
AWS.Service
- Object
- AWS.Service
- AWS.SecurityHub
- Identifier:
- securityhub
- API Version:
- 2018-10-26
- Defined in:
- (unknown)
Overview
Constructs a service interface object. Each API operation is exposed as a function on service.
Service Description
AWS Security Hub provides you with a comprehensive view of your security state within AWS and your compliance with the security industry standards and best practices. Security Hub collects security data from across AWS accounts, services, and supported third-party partners and helps you analyze your security trends and identify the highest priority security issues. For more information, see AWS Security Hub User Guide.
Currently, AWS Security Hub is in Preview release.
Sending a Request Using SecurityHub
var securityhub = new AWS.SecurityHub();
securityhub.acceptInvitation(params, function (err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});
Locking the API Version
In order to ensure that the SecurityHub object uses this specific API, you can
construct the object by passing the apiVersion option to the constructor:
var securityhub = new AWS.SecurityHub({apiVersion: '2018-10-26'});
You can also set the API version globally in AWS.config.apiVersions using
the securityhub service identifier:
AWS.config.apiVersions = {
securityhub: '2018-10-26',
// other service API versions
};
var securityhub = new AWS.SecurityHub();
Version:
-
2018-10-26
Constructor Summary
-
new AWS.SecurityHub(options = {}) ⇒ Object
constructor
Constructs a service object.
Property Summary
-
endpoint ⇒ AWS.Endpoint
readwrite
An Endpoint object representing the endpoint URL for service requests.
Properties inherited from AWS.Service
Method Summary
-
acceptInvitation(params = {}, callback) ⇒ AWS.Request
Accepts the invitation to be monitored by a master SecurityHub account.
-
batchDisableStandards(params = {}, callback) ⇒ AWS.Request
Disables the standards specified by the standards subscription ARNs.
-
batchEnableStandards(params = {}, callback) ⇒ AWS.Request
Enables the standards specified by the standards ARNs.
-
batchImportFindings(params = {}, callback) ⇒ AWS.Request
Imports security findings that are generated by the integrated third-party products into Security Hub.
-
createInsight(params = {}, callback) ⇒ AWS.Request
Creates an insight, which is a consolidation of findings that identifies a security area that requires attention or intervention.
-
createMembers(params = {}, callback) ⇒ AWS.Request
Creates member Security Hub accounts in the current AWS account (which becomes the master Security Hub account) that has Security Hub enabled.
-
declineInvitations(params = {}, callback) ⇒ AWS.Request
Declines invitations that are sent to this AWS account (invitee) by the AWS accounts (inviters) that are specified by the account IDs.
-
deleteInsight(params = {}, callback) ⇒ AWS.Request
Deletes an insight that is specified by the insight ARN.
-
deleteInvitations(params = {}, callback) ⇒ AWS.Request
Deletes invitations that are sent to this AWS account (invitee) by the AWS accounts (inviters) that are specified by their account IDs.
-
deleteMembers(params = {}, callback) ⇒ AWS.Request
Deletes the Security Hub member accounts that are specified by the account IDs.
-
disableImportFindingsForProduct(params = {}, callback) ⇒ AWS.Request
Cancels the subscription that allows a findings-generating solution (product) to import its findings into Security Hub.
-
disableSecurityHub(params = {}, callback) ⇒ AWS.Request
Disables the AWS Security Hub Service.
-
disassociateFromMasterAccount(params = {}, callback) ⇒ AWS.Request
Disassociates the current Security Hub member account from its master account.
-
disassociateMembers(params = {}, callback) ⇒ AWS.Request
Disassociates the Security Hub member accounts that are specified by the account IDs from their master account.
-
enableImportFindingsForProduct(params = {}, callback) ⇒ AWS.Request
Sets up the subscription that enables a findings-generating solution (product) to import its findings into Security Hub.
-
enableSecurityHub(params = {}, callback) ⇒ AWS.Request
Enables the AWS Security Hub service.
-
getEnabledStandards(params = {}, callback) ⇒ AWS.Request
Lists and describes enabled standards.
-
getFindings(params = {}, callback) ⇒ AWS.Request
Lists and describes Security Hub-aggregated findings that are specified by filter attributes.
-
getInsightResults(params = {}, callback) ⇒ AWS.Request
Lists the results of the Security Hub insight specified by the insight ARN.
-
getInsights(params = {}, callback) ⇒ AWS.Request
Lists and describes insights that are specified by insight ARNs.
-
getInvitationsCount(params = {}, callback) ⇒ AWS.Request
Returns the count of all Security Hub membership invitations that were sent to the current member account, not including the currently accepted invitation.
-
getMasterAccount(params = {}, callback) ⇒ AWS.Request
Provides the details for the Security Hub master account to the current member account.
-
getMembers(params = {}, callback) ⇒ AWS.Request
Returns the details on the Security Hub member accounts that are specified by the account IDs.
-
inviteMembers(params = {}, callback) ⇒ AWS.Request
Invites other AWS accounts to enable Security Hub and become Security Hub member accounts.
-
listEnabledProductsForImport(params = {}, callback) ⇒ AWS.Request
Lists all findings-generating solutions (products) whose findings you've subscribed to receive in Security Hub.
-
listInvitations(params = {}, callback) ⇒ AWS.Request
Lists all Security Hub membership invitations that were sent to the current AWS account.
-
listMembers(params = {}, callback) ⇒ AWS.Request
Lists details about all member accounts for the current Security Hub master account.
-
updateFindings(params = {}, callback) ⇒ AWS.Request
Updates the AWS Security Hub-aggregated findings specified by the filter attributes.
-
updateInsight(params = {}, callback) ⇒ AWS.Request
Updates the AWS Security Hub insight specified by the insight ARN.
Methods inherited from AWS.Service
makeRequest, makeUnauthenticatedRequest, waitFor, setupRequestListeners, defineService
Constructor Details
new AWS.SecurityHub(options = {}) ⇒ Object
Constructs a service object. This object has one method for each API operation.
Examples:
Constructing a SecurityHub object
var securityhub = new AWS.SecurityHub({apiVersion: '2018-10-26'});Options Hash (options):
-
params
(map)
—
An optional map of parameters to bind to every request sent by this service object. For more information on bound parameters, see "Working with Services" in the Getting Started Guide.
-
endpoint
(String)
—
The endpoint URI to send requests to. The default endpoint is built from the configured
region. The endpoint should be a string like'https://{service}.{region}.amazonaws.com'. -
accessKeyId
(String)
—
your AWS access key ID.
-
secretAccessKey
(String)
—
your AWS secret access key.
-
sessionToken
(AWS.Credentials)
—
the optional AWS session token to sign requests with.
-
credentials
(AWS.Credentials)
—
the AWS credentials to sign requests with. You can either specify this object, or specify the accessKeyId and secretAccessKey options directly.
-
credentialProvider
(AWS.CredentialProviderChain)
—
the provider chain used to resolve credentials if no static
credentialsproperty is set. -
region
(String)
—
the region to send service requests to. See AWS.SecurityHub.region for more information.
-
maxRetries
(Integer)
—
the maximum amount of retries to attempt with a request. See AWS.SecurityHub.maxRetries for more information.
-
maxRedirects
(Integer)
—
the maximum amount of redirects to follow with a request. See AWS.SecurityHub.maxRedirects for more information.
-
sslEnabled
(Boolean)
—
whether to enable SSL for requests.
-
paramValidation
(Boolean|map)
—
whether input parameters should be validated against the operation description before sending the request. Defaults to true. Pass a map to enable any of the following specific validation features:
- min [Boolean] — Validates that a value meets the min
constraint. This is enabled by default when paramValidation is set
to
true. - max [Boolean] — Validates that a value meets the max constraint.
- pattern [Boolean] — Validates that a string value matches a regular expression.
- enum [Boolean] — Validates that a string value matches one of the allowable enum values.
- min [Boolean] — Validates that a value meets the min
constraint. This is enabled by default when paramValidation is set
to
-
computeChecksums
(Boolean)
—
whether to compute checksums for payload bodies when the service accepts it (currently supported in S3 only)
-
convertResponseTypes
(Boolean)
—
whether types are converted when parsing response data. Currently only supported for JSON based services. Turning this off may improve performance on large response payloads. Defaults to
true. -
correctClockSkew
(Boolean)
—
whether to apply a clock skew correction and retry requests that fail because of an skewed client clock. Defaults to
false. -
s3ForcePathStyle
(Boolean)
—
whether to force path style URLs for S3 objects.
-
s3BucketEndpoint
(Boolean)
—
whether the provided endpoint addresses an individual bucket (false if it addresses the root API endpoint). Note that setting this configuration option requires an
endpointto be provided explicitly to the service constructor. -
s3DisableBodySigning
(Boolean)
—
whether S3 body signing should be disabled when using signature version
v4. Body signing can only be disabled when using https. Defaults totrue. -
retryDelayOptions
(map)
—
A set of options to configure the retry delay on retryable errors. Currently supported options are:
- base [Integer] — The base number of milliseconds to use in the exponential backoff for operation retries. Defaults to 100 ms for all services except DynamoDB, where it defaults to 50ms.
- customBackoff [function] — A custom function that accepts a retry count
and returns the amount of time to delay in milliseconds. The
baseoption will be ignored if this option is supplied.
-
httpOptions
(map)
—
A set of options to pass to the low-level HTTP request. Currently supported options are:
- proxy [String] — the URL to proxy requests through
- agent [http.Agent, https.Agent] — the Agent object to perform
HTTP requests with. Used for connection pooling. Defaults to the global
agent (
http.globalAgent) for non-SSL connections. Note that for SSL connections, a special Agent object is used in order to enable peer certificate verification. This feature is only available in the Node.js environment. - connectTimeout [Integer] — Sets the socket to timeout after
failing to establish a connection with the server after
connectTimeoutmilliseconds. This timeout has no effect once a socket connection has been established. - timeout [Integer] — Sets the socket to timeout after timeout milliseconds of inactivity on the socket. Defaults to two minutes (120000).
- xhrAsync [Boolean] — Whether the SDK will send asynchronous HTTP requests. Used in the browser environment only. Set to false to send requests synchronously. Defaults to true (async on).
- xhrWithCredentials [Boolean] — Sets the "withCredentials" property of an XMLHttpRequest object. Used in the browser environment only. Defaults to false.
-
apiVersion
(String, Date)
—
a String in YYYY-MM-DD format (or a date) that represents the latest possible API version that can be used in all services (unless overridden by
apiVersions). Specify 'latest' to use the latest possible version. -
apiVersions
(map<String, String|Date>)
—
a map of service identifiers (the lowercase service class name) with the API version to use when instantiating a service. Specify 'latest' for each individual that can use the latest available version.
-
logger
(#write, #log)
—
an object that responds to .write() (like a stream) or .log() (like the console object) in order to log information about requests
-
systemClockOffset
(Number)
—
an offset value in milliseconds to apply to all signing times. Use this to compensate for clock skew when your system may be out of sync with the service time. Note that this configuration option can only be applied to the global
AWS.configobject and cannot be overridden in service-specific configuration. Defaults to 0 milliseconds. -
signatureVersion
(String)
—
the signature version to sign requests with (overriding the API configuration). Possible values are: 'v2', 'v3', 'v4'.
-
signatureCache
(Boolean)
—
whether the signature to sign requests with (overriding the API configuration) is cached. Only applies to the signature version 'v4'. Defaults to
true. -
dynamoDbCrc32
(Boolean)
—
whether to validate the CRC32 checksum of HTTP response bodies returned by DynamoDB. Default:
true. -
useAccelerateEndpoint
(Boolean)
—
Whether to use the S3 Transfer Acceleration endpoint with the S3 service. Default:
false. -
clientSideMonitoring
(Boolean)
—
whether to collect and publish this client's performance metrics of all its API requests.
-
endpointDiscoveryEnabled
(Boolean)
—
whether to enable endpoint discovery for operations that allow optionally using an endpoint returned by the service. Defaults to 'false'
-
endpointCacheSize
(Number)
—
the size of the global cache storing endpoints from endpoint discovery operations. Once endpoint cache is created, updating this setting cannot change existing cache size. Defaults to 1000
-
hostPrefixEnabled
(Boolean)
—
whether to marshal request parameters to the prefix of hostname. Defaults to
true.
Property Details
Method Details
acceptInvitation(params = {}, callback) ⇒ AWS.Request
Accepts the invitation to be monitored by a master SecurityHub account.
Service Reference:
Examples:
Calling the acceptInvitation operation
var params = {
InvitationId: 'STRING_VALUE',
MasterId: 'STRING_VALUE'
};
securityhub.acceptInvitation(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
-
params
(Object)
(defaults to: {})
—
MasterId— (String)The account ID of the master Security Hub account whose invitation you're accepting.
InvitationId— (String)The ID of the invitation that is sent to the AWS account by the Security Hub master account.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs.
-
(AWS.Response)
—
Returns:
batchDisableStandards(params = {}, callback) ⇒ AWS.Request
Disables the standards specified by the standards subscription ARNs. In the context of Security Hub, supported standards (for example, CIS AWS Foundations) are automated and continuous checks that help determine your compliance status against security industry (including AWS) best practices.
Service Reference:
Examples:
Calling the batchDisableStandards operation
var params = {
StandardsSubscriptionArns: [ /* required */
'STRING_VALUE',
/* more items */
]
};
securityhub.batchDisableStandards(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
-
params
(Object)
(defaults to: {})
—
StandardsSubscriptionArns— (Array<String>)The ARNS of the standards subscriptions that you want to disable.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs. Thedataobject has the following properties:StandardsSubscriptions— (Array<map>)The details of the standards subscriptions that were disabled.
StandardsSubscriptionArn— required — (String)The ARN of a resource that represents your subscription to a supported standard.
StandardsArn— required — (String)The ARN of a standard.
In this release, Security Hub only supports the CIS AWS Foundations standard.
Its ARN is arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0.
StandardsInput— required — (map<String>)StandardsStatus— required — (String)The standard's status.
Possible values include:"PENDING""READY""FAILED""DELETING"
-
(AWS.Response)
—
Returns:
batchEnableStandards(params = {}, callback) ⇒ AWS.Request
Enables the standards specified by the standards ARNs. In the context of Security Hub, supported standards (for example, CIS AWS Foundations) are automated and continuous checks that help determine your compliance status against security industry (including AWS) best practices.
Service Reference:
Examples:
Calling the batchEnableStandards operation
var params = {
StandardsSubscriptionRequests: [ /* required */
{
StandardsArn: 'STRING_VALUE', /* required */
StandardsInput: {
'<NonEmptyString>': 'STRING_VALUE',
/* '<NonEmptyString>': ... */
}
},
/* more items */
]
};
securityhub.batchEnableStandards(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
-
params
(Object)
(defaults to: {})
—
StandardsSubscriptionRequests— (Array<map>)The list of standards that you want to enable.
In this release, Security Hub only supports the CIS AWS Foundations standard.
Its ARN is arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0.
StandardsArn— required — (String)The ARN of the standard that you want to enable.
In this release, Security Hub only supports the CIS AWS Foundations standard.
Its ARN is arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0.
StandardsInput— (map<String>)
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs. Thedataobject has the following properties:StandardsSubscriptions— (Array<map>)The details of the standards subscriptions that were enabled.
StandardsSubscriptionArn— required — (String)The ARN of a resource that represents your subscription to a supported standard.
StandardsArn— required — (String)The ARN of a standard.
In this release, Security Hub only supports the CIS AWS Foundations standard.
Its ARN is arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0.
StandardsInput— required — (map<String>)StandardsStatus— required — (String)The standard's status.
Possible values include:"PENDING""READY""FAILED""DELETING"
-
(AWS.Response)
—
Returns:
batchImportFindings(params = {}, callback) ⇒ AWS.Request
Imports security findings that are generated by the integrated third-party products into Security Hub.
Service Reference:
Examples:
Calling the batchImportFindings operation
var params = {
Findings: [ /* required */
{
AwsAccountId: 'STRING_VALUE', /* required */
CreatedAt: 'STRING_VALUE', /* required */
GeneratorId: 'STRING_VALUE', /* required */
Id: 'STRING_VALUE', /* required */
ProductArn: 'STRING_VALUE', /* required */
Resources: [ /* required */
{
Id: 'STRING_VALUE', /* required */
Type: 'STRING_VALUE', /* required */
Details: {
AwsEc2Instance: {
IamInstanceProfileArn: 'STRING_VALUE',
ImageId: 'STRING_VALUE',
IpV4Addresses: [
'STRING_VALUE',
/* more items */
],
IpV6Addresses: [
'STRING_VALUE',
/* more items */
],
KeyName: 'STRING_VALUE',
LaunchedAt: 'STRING_VALUE',
SubnetId: 'STRING_VALUE',
Type: 'STRING_VALUE',
VpcId: 'STRING_VALUE'
},
AwsIamAccessKey: {
CreatedAt: 'STRING_VALUE',
Status: Active | Inactive,
UserName: 'STRING_VALUE'
},
AwsS3Bucket: {
OwnerId: 'STRING_VALUE',
OwnerName: 'STRING_VALUE'
},
Container: {
ImageId: 'STRING_VALUE',
ImageName: 'STRING_VALUE',
LaunchedAt: 'STRING_VALUE',
Name: 'STRING_VALUE'
},
Other: {
'<NonEmptyString>': 'STRING_VALUE',
/* '<NonEmptyString>': ... */
}
},
Partition: aws | aws-cn | aws-us-gov,
Region: 'STRING_VALUE',
Tags: {
'<NonEmptyString>': 'STRING_VALUE',
/* '<NonEmptyString>': ... */
}
},
/* more items */
],
SchemaVersion: 'STRING_VALUE', /* required */
Severity: { /* required */
Normalized: 'NUMBER_VALUE', /* required */
Product: 'NUMBER_VALUE'
},
Types: [ /* required */
'STRING_VALUE',
/* more items */
],
UpdatedAt: 'STRING_VALUE', /* required */
Compliance: {
Status: PASSED | WARNING | FAILED | NOT_AVAILABLE
},
Confidence: 'NUMBER_VALUE',
Criticality: 'NUMBER_VALUE',
Description: 'STRING_VALUE',
FirstObservedAt: 'STRING_VALUE',
LastObservedAt: 'STRING_VALUE',
Malware: [
{
Name: 'STRING_VALUE', /* required */
Path: 'STRING_VALUE',
State: OBSERVED | REMOVAL_FAILED | REMOVED,
Type: ADWARE | BLENDED_THREAT | BOTNET_AGENT | COIN_MINER | EXPLOIT_KIT | KEYLOGGER | MACRO | POTENTIALLY_UNWANTED | SPYWARE | RANSOMWARE | REMOTE_ACCESS | ROOTKIT | TROJAN | VIRUS | WORM
},
/* more items */
],
Network: {
DestinationDomain: 'STRING_VALUE',
DestinationIpV4: 'STRING_VALUE',
DestinationIpV6: 'STRING_VALUE',
DestinationPort: 'NUMBER_VALUE',
Direction: IN | OUT,
Protocol: 'STRING_VALUE',
SourceDomain: 'STRING_VALUE',
SourceIpV4: 'STRING_VALUE',
SourceIpV6: 'STRING_VALUE',
SourceMac: 'STRING_VALUE',
SourcePort: 'NUMBER_VALUE'
},
Note: {
Text: 'STRING_VALUE', /* required */
UpdatedAt: 'STRING_VALUE', /* required */
UpdatedBy: 'STRING_VALUE' /* required */
},
Process: {
LaunchedAt: 'STRING_VALUE',
Name: 'STRING_VALUE',
ParentPid: 'NUMBER_VALUE',
Path: 'STRING_VALUE',
Pid: 'NUMBER_VALUE',
TerminatedAt: 'STRING_VALUE'
},
ProductFields: {
'<NonEmptyString>': 'STRING_VALUE',
/* '<NonEmptyString>': ... */
},
RecordState: ACTIVE | ARCHIVED,
RelatedFindings: [
{
Id: 'STRING_VALUE', /* required */
ProductArn: 'STRING_VALUE' /* required */
},
/* more items */
],
Remediation: {
Recommendation: {
Text: 'STRING_VALUE',
Url: 'STRING_VALUE'
}
},
SourceUrl: 'STRING_VALUE',
ThreatIntelIndicators: [
{
Category: BACKDOOR | CARD_STEALER | COMMAND_AND_CONTROL | DROP_SITE | EXPLOIT_SITE | KEYLOGGER,
LastObservedAt: 'STRING_VALUE',
Source: 'STRING_VALUE',
SourceUrl: 'STRING_VALUE',
Type: DOMAIN | EMAIL_ADDRESS | HASH_MD5 | HASH_SHA1 | HASH_SHA256 | HASH_SHA512 | IPV4_ADDRESS | IPV6_ADDRESS | MUTEX | PROCESS | URL,
Value: 'STRING_VALUE'
},
/* more items */
],
Title: 'STRING_VALUE',
UserDefinedFields: {
'<NonEmptyString>': 'STRING_VALUE',
/* '<NonEmptyString>': ... */
},
VerificationState: UNKNOWN | TRUE_POSITIVE | FALSE_POSITIVE | BENIGN_POSITIVE,
WorkflowState: NEW | ASSIGNED | IN_PROGRESS | DEFERRED | RESOLVED
},
/* more items */
]
};
securityhub.batchImportFindings(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
-
params
(Object)
(defaults to: {})
—
Findings— (Array<map>)A list of findings that you want to import. Must be submitted in the AWSSecurityFinding format.
SchemaVersion— required — (String)The schema version for which a finding is formatted.
Id— required — (String)The security findings provider-specific identifier for a finding.
ProductArn— required — (String)The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) once this provider's product (solution that generates findings) is registered with Security Hub.
GeneratorId— required — (String)This is the identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security findings provider's solutions, this generator can be called a rule, a check, a detector, a plug-in, etc.
AwsAccountId— required — (String)The AWS account ID in which a finding is generated.
Types— required — (Array<String>)One or more finding types in the format of 'namespace/category/classifier' that classify a finding.
Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications
FirstObservedAt— (String)An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings provider.
LastObservedAt— (String)An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings provider.
CreatedAt— required — (String)An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was created by the security findings provider.
UpdatedAt— required — (String)An ISO8601-formatted timestamp that indicates when the finding record was last updated by the security findings provider.
Severity— required — (map)A finding's severity.
Product— (Float)The native severity as defined by the security findings provider's solution that generated the finding.
Normalized— required — (Integer)The normalized severity of a finding.
Confidence— (Integer)A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale. 0 equates zero percent confidence and 100 equates to 100 percent confidence.
Criticality— (Integer)The level of importance assigned to the resources associated with the finding. A score of 0 means the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
Title— (String)A finding's title.
Note: In this release, Title is a required property.Description— (String)A finding's description.
Note: In this release, Description is a required property.Remediation— (map)An data type that describes the remediation options for a finding.
Recommendation— (map)Provides a recommendation on how to remediate the issue identified within a finding.
Text— (String)The recommendation of what to do about the issue described in a finding.
Url— (String)A URL to link to general remediation information for the finding type of a finding.
SourceUrl— (String)A URL that links to a page about the current finding in the security findings provider's solution.
ProductFields— (map<String>)A data type where security findings providers can include additional solution-specific details that are not part of the defined AwsSecurityFinding format.
UserDefinedFields— (map<String>)A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
Malware— (Array<map>)A list of malware related to a finding.
Name— required — (String)The name of the malware that was observed.
Type— (String)The type of the malware that was observed.
Possible values include:"ADWARE""BLENDED_THREAT""BOTNET_AGENT""COIN_MINER""EXPLOIT_KIT""KEYLOGGER""MACRO""POTENTIALLY_UNWANTED""SPYWARE""RANSOMWARE""REMOTE_ACCESS""ROOTKIT""TROJAN""VIRUS""WORM"
Path— (String)The filesystem path of the malware that was observed.
State— (String)The state of the malware that was observed.
Possible values include:"OBSERVED""REMOVAL_FAILED""REMOVED"
Network— (map)The details of network-related information about a finding.
Direction— (String)Indicates the direction of network traffic associated with a finding.
Possible values include:"IN""OUT"
Protocol— (String)The protocol of network-related information about a finding.
SourceIpV4— (String)The source IPv4 address of network-related information about a finding.
SourceIpV6— (String)The source IPv6 address of network-related information about a finding.
SourcePort— (Integer)The source port of network-related information about a finding.
SourceDomain— (String)The source domain of network-related information about a finding.
SourceMac— (String)The source media access control (MAC) address of network-related information about a finding.
DestinationIpV4— (String)The destination IPv4 address of network-related information about a finding.
DestinationIpV6— (String)The destination IPv6 address of network-related information about a finding.
DestinationPort— (Integer)The destination port of network-related information about a finding.
DestinationDomain— (String)The destination domain of network-related information about a finding.
Process— (map)The details of process-related information about a finding.
Name— (String)The name of the process.
Path— (String)The path to the process executable.
Pid— (Integer)The process ID.
ParentPid— (Integer)The parent process ID.
LaunchedAt— (String)The date/time that the process was launched.
TerminatedAt— (String)The date/time that the process was terminated.
ThreatIntelIndicators— (Array<map>)Threat intel details related to a finding.
Type— (String)The type of a threat intel indicator.
Possible values include:"DOMAIN""EMAIL_ADDRESS""HASH_MD5""HASH_SHA1""HASH_SHA256""HASH_SHA512""IPV4_ADDRESS""IPV6_ADDRESS""MUTEX""PROCESS""URL"
Value— (String)The value of a threat intel indicator.
Category— (String)The category of a threat intel indicator.
Possible values include:"BACKDOOR""CARD_STEALER""COMMAND_AND_CONTROL""DROP_SITE""EXPLOIT_SITE""KEYLOGGER"
LastObservedAt— (String)The date/time of the last observation of a threat intel indicator.
Source— (String)The source of the threat intel.
SourceUrl— (String)The URL for more details from the source of the threat intel.
Resources— required — (Array<map>)A set of resource data types that describe the resources to which the finding refers.
Type— required — (String)Specifies the type of the resource for which details are provided.
Id— required — (String)The canonical identifier for the given resource type.
Partition— (String)The canonical AWS partition name to which the region is assigned.
Possible values include:"aws""aws-cn""aws-us-gov"
Region— (String)The canonical AWS external region name where this resource is located.
Tags— (map<String>)A list of AWS tags associated with a resource at the time the finding was processed.
Details— (map)Provides additional details about the resource.
AwsEc2Instance— (map)The details of an AWS EC2 instance.
Type— (String)The instance type of the instance.
ImageId— (String)The Amazon Machine Image (AMI) ID of the instance.
IpV4Addresses— (Array<String>)The IPv4 addresses associated with the instance.
IpV6Addresses— (Array<String>)The IPv6 addresses associated with the instance.
KeyName— (String)The key name associated with the instance.
IamInstanceProfileArn— (String)The IAM profile ARN of the instance.
VpcId— (String)The identifier of the VPC in which the instance was launched.
SubnetId— (String)The identifier of the subnet in which the instance was launched.
LaunchedAt— (String)The date/time the instance was launched.
AwsS3Bucket— (map)The details of an AWS S3 Bucket.
OwnerId— (String)The canonical user ID of the owner of the S3 bucket.
OwnerName— (String)The display name of the owner of the S3 bucket.
AwsIamAccessKey— (map)AWS IAM access key details related to a finding.
UserName— (String)The user associated with the IAM access key related to a finding.
Status— (String)The status of the IAM access key related to a finding.
Possible values include:"Active""Inactive"
CreatedAt— (String)The creation date/time of the IAM access key related to a finding.
Container— (map)Container details related to a finding.
Name— (String)The name of the container related to a finding.
ImageId— (String)The identifier of the image related to a finding.
ImageName— (String)The name of the image related to a finding.
LaunchedAt— (String)The date/time that the container was started.
Other— (map<String>)The details of a resource that does not have a specific sub-field for the resource type defined.
Compliance— (map)This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard (for example, AWS CIS Foundations). Contains compliance-related finding details.
Status— (String)Indicates the result of a compliance check.
Possible values include:"PASSED""WARNING""FAILED""NOT_AVAILABLE"
VerificationState— (String)Indicates the veracity of a finding.
Possible values include:"UNKNOWN""TRUE_POSITIVE""FALSE_POSITIVE""BENIGN_POSITIVE"
WorkflowState— (String)The workflow state of a finding.
Possible values include:"NEW""ASSIGNED""IN_PROGRESS""DEFERRED""RESOLVED"
RecordState— (String)The record state of a finding.
Possible values include:"ACTIVE""ARCHIVED"
RelatedFindings— (Array<map>)A list of related findings.
ProductArn— required — (String)The ARN of the solution that generated a related finding.
Id— required — (String)The solution-generated identifier for a related finding.
Note— (map)A user-defined note added to a finding.
Text— required — (String)The text of a note.
UpdatedBy— required — (String)The principal that created a note.
UpdatedAt— required — (String)The timestamp of when the note was updated.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs. Thedataobject has the following properties:FailedCount— (Integer)The number of findings that cannot be imported.
SuccessCount— (Integer)The number of findings that were successfully imported
FailedFindings— (Array<map>)The list of the findings that cannot be imported.
Id— required — (String)The id of the error made during the BatchImportFindings operation.
ErrorCode— required — (String)The code of the error made during the BatchImportFindings operation.
ErrorMessage— required — (String)The message of the error made during the BatchImportFindings operation.
-
(AWS.Response)
—
Returns:
createInsight(params = {}, callback) ⇒ AWS.Request
Creates an insight, which is a consolidation of findings that identifies a security area that requires attention or intervention.
Service Reference:
Examples:
Calling the createInsight operation
var params = {
Filters: { /* required */
AwsAccountId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
CompanyName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ComplianceStatus: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
Confidence: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
CreatedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
Criticality: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
Description: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
FirstObservedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
GeneratorId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
Id: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
Keyword: [
{
Value: 'STRING_VALUE'
},
/* more items */
],
LastObservedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
MalwareName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
MalwarePath: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
MalwareState: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
MalwareType: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
NetworkDestinationDomain: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
NetworkDestinationIpV4: [
{
Cidr: 'STRING_VALUE'
},
/* more items */
],
NetworkDestinationIpV6: [
{
Cidr: 'STRING_VALUE'
},
/* more items */
],
NetworkDestinationPort: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
NetworkDirection: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
NetworkProtocol: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
NetworkSourceDomain: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
NetworkSourceIpV4: [
{
Cidr: 'STRING_VALUE'
},
/* more items */
],
NetworkSourceIpV6: [
{
Cidr: 'STRING_VALUE'
},
/* more items */
],
NetworkSourceMac: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
NetworkSourcePort: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
NoteText: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
NoteUpdatedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
NoteUpdatedBy: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ProcessLaunchedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
ProcessName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ProcessParentPid: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
ProcessPath: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ProcessPid: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
ProcessTerminatedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
ProductArn: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ProductFields: [
{
Comparison: CONTAINS,
Key: 'STRING_VALUE',
Value: 'STRING_VALUE'
},
/* more items */
],
ProductName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
RecommendationText: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
RecordState: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
RelatedFindingsId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
RelatedFindingsProductArn: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceIamInstanceProfileArn: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceImageId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceIpV4Addresses: [
{
Cidr: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceIpV6Addresses: [
{
Cidr: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceKeyName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceLaunchedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceSubnetId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceType: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceVpcId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsIamAccessKeyCreatedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsIamAccessKeyStatus: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsIamAccessKeyUserName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsS3BucketOwnerId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsS3BucketOwnerName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceContainerImageId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceContainerImageName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceContainerLaunchedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
ResourceContainerName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceDetailsOther: [
{
Comparison: CONTAINS,
Key: 'STRING_VALUE',
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourcePartition: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceRegion: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceTags: [
{
Comparison: CONTAINS,
Key: 'STRING_VALUE',
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceType: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
SeverityLabel: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
SeverityNormalized: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
SeverityProduct: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
SourceUrl: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ThreatIntelIndicatorCategory: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ThreatIntelIndicatorLastObservedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
ThreatIntelIndicatorSource: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ThreatIntelIndicatorSourceUrl: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ThreatIntelIndicatorType: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ThreatIntelIndicatorValue: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
Title: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
Type: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
UpdatedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
UserDefinedFields: [
{
Comparison: CONTAINS,
Key: 'STRING_VALUE',
Value: 'STRING_VALUE'
},
/* more items */
],
VerificationState: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
WorkflowState: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
]
},
GroupByAttribute: 'STRING_VALUE', /* required */
Name: 'STRING_VALUE' /* required */
};
securityhub.createInsight(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
-
params
(Object)
(defaults to: {})
—
Name— (String)The user-defined name that identifies the insight that you want to create.
Filters— (map)A collection of attributes that are applied to all active Security Hub-aggregated findings and that result in a subset of findings that are included in this insight.
ProductArn— (Array<map>)The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) once this provider's product (solution that generates findings) is registered with Security Hub.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
AwsAccountId— (Array<map>)The AWS account ID in which a finding is generated.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
Id— (Array<map>)The security findings provider-specific identifier for a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
GeneratorId— (Array<map>)This is the identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security findings provider's solutions, this generator can be called a rule, a check, a detector, a plug-in, etc.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
Type— (Array<map>)A finding type in the format of 'namespace/category/classifier' that classifies a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
FirstObservedAt— (Array<map>)An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings provider.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
LastObservedAt— (Array<map>)An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings provider.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
CreatedAt— (Array<map>)An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was created by the security findings provider.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
UpdatedAt— (Array<map>)An ISO8601-formatted timestamp that indicates when the finding record was last updated by the security findings provider.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
SeverityProduct— (Array<map>)The native severity as defined by the security findings provider's solution that generated the finding.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
SeverityNormalized— (Array<map>)The normalized severity of a finding.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
SeverityLabel— (Array<map>)The label of a finding's severity.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
Confidence— (Array<map>)A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale. 0 equates zero percent confidence and 100 equates to 100 percent confidence.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
Criticality— (Array<map>)The level of importance assigned to the resources associated with the finding. A score of 0 means the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
Title— (Array<map>)A finding's title.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
Description— (Array<map>)A finding's description.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
RecommendationText— (Array<map>)The recommendation of what to do about the issue described in a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
SourceUrl— (Array<map>)A URL that links to a page about the current finding in the security findings provider's solution.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ProductFields— (Array<map>)A data type where security findings providers can include additional solution-specific details that are not part of the defined AwsSecurityFinding format.
Key— (String)The key of the map filter.
Value— (String)The value for the key in the map filter.
Comparison— (String)Represents the condition to be applied to a key value when querying for findings with a map filter.
Possible values include:"CONTAINS"
ProductName— (Array<map>)The name of the solution (product) that generates findings.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
CompanyName— (Array<map>)The name of the findings provider (company) that owns the solution (product) that generates findings.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
UserDefinedFields— (Array<map>)A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
Key— (String)The key of the map filter.
Value— (String)The value for the key in the map filter.
Comparison— (String)Represents the condition to be applied to a key value when querying for findings with a map filter.
Possible values include:"CONTAINS"
MalwareName— (Array<map>)The name of the malware that was observed.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
MalwareType— (Array<map>)The type of the malware that was observed.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
MalwarePath— (Array<map>)The filesystem path of the malware that was observed.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
MalwareState— (Array<map>)The state of the malware that was observed.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NetworkDirection— (Array<map>)Indicates the direction of network traffic associated with a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NetworkProtocol— (Array<map>)The protocol of network-related information about a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NetworkSourceIpV4— (Array<map>)The source IPv4 address of network-related information about a finding.
Cidr— (String)Finding's CIDR value.
NetworkSourceIpV6— (Array<map>)The source IPv6 address of network-related information about a finding.
Cidr— (String)Finding's CIDR value.
NetworkSourcePort— (Array<map>)The source port of network-related information about a finding.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
NetworkSourceDomain— (Array<map>)The source domain of network-related information about a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NetworkSourceMac— (Array<map>)The source media access control (MAC) address of network-related information about a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NetworkDestinationIpV4— (Array<map>)The destination IPv4 address of network-related information about a finding.
Cidr— (String)Finding's CIDR value.
NetworkDestinationIpV6— (Array<map>)The destination IPv6 address of network-related information about a finding.
Cidr— (String)Finding's CIDR value.
NetworkDestinationPort— (Array<map>)The destination port of network-related information about a finding.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
NetworkDestinationDomain— (Array<map>)The destination domain of network-related information about a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ProcessName— (Array<map>)The name of the process.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ProcessPath— (Array<map>)The path to the process executable.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ProcessPid— (Array<map>)The process ID.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
ProcessParentPid— (Array<map>)The parent process ID.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
ProcessLaunchedAt— (Array<map>)The date/time that the process was launched.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ProcessTerminatedAt— (Array<map>)The date/time that the process was terminated.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ThreatIntelIndicatorType— (Array<map>)The type of a threat intel indicator.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ThreatIntelIndicatorValue— (Array<map>)The value of a threat intel indicator.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ThreatIntelIndicatorCategory— (Array<map>)The category of a threat intel indicator.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ThreatIntelIndicatorLastObservedAt— (Array<map>)The date/time of the last observation of a threat intel indicator.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ThreatIntelIndicatorSource— (Array<map>)The source of the threat intel.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ThreatIntelIndicatorSourceUrl— (Array<map>)The URL for more details from the source of the threat intel.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceType— (Array<map>)Specifies the type of the resource for which details are provided.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceId— (Array<map>)The canonical identifier for the given resource type.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourcePartition— (Array<map>)The canonical AWS partition name to which the region is assigned.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceRegion— (Array<map>)The canonical AWS external region name where this resource is located.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceTags— (Array<map>)A list of AWS tags associated with a resource at the time the finding was processed.
Key— (String)The key of the map filter.
Value— (String)The value for the key in the map filter.
Comparison— (String)Represents the condition to be applied to a key value when querying for findings with a map filter.
Possible values include:"CONTAINS"
ResourceAwsEc2InstanceType— (Array<map>)The instance type of the instance.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceImageId— (Array<map>)The Amazon Machine Image (AMI) ID of the instance.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceIpV4Addresses— (Array<map>)The IPv4 addresses associated with the instance.
Cidr— (String)Finding's CIDR value.
ResourceAwsEc2InstanceIpV6Addresses— (Array<map>)The IPv6 addresses associated with the instance.
Cidr— (String)Finding's CIDR value.
ResourceAwsEc2InstanceKeyName— (Array<map>)The key name associated with the instance.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceIamInstanceProfileArn— (Array<map>)The IAM profile ARN of the instance.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceVpcId— (Array<map>)The identifier of the VPC in which the instance was launched.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceSubnetId— (Array<map>)The identifier of the subnet in which the instance was launched.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceLaunchedAt— (Array<map>)The date/time the instance was launched.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ResourceAwsS3BucketOwnerId— (Array<map>)The canonical user ID of the owner of the S3 bucket.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsS3BucketOwnerName— (Array<map>)The display name of the owner of the S3 bucket.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsIamAccessKeyUserName— (Array<map>)The user associated with the IAM access key related to a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsIamAccessKeyStatus— (Array<map>)The status of the IAM access key related to a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsIamAccessKeyCreatedAt— (Array<map>)The creation date/time of the IAM access key related to a finding.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ResourceContainerName— (Array<map>)The name of the container related to a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceContainerImageId— (Array<map>)The identifier of the image related to a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceContainerImageName— (Array<map>)The name of the image related to a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceContainerLaunchedAt— (Array<map>)The date/time that the container was started.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ResourceDetailsOther— (Array<map>)The details of a resource that does not have a specific sub-field for the resource type defined.
Key— (String)The key of the map filter.
Value— (String)The value for the key in the map filter.
Comparison— (String)Represents the condition to be applied to a key value when querying for findings with a map filter.
Possible values include:"CONTAINS"
ComplianceStatus— (Array<map>)Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard (for example, AWS CIS Foundations). Contains compliance-related finding details.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
VerificationState— (Array<map>)Indicates the veracity of a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
WorkflowState— (Array<map>)The workflow state of a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
RecordState— (Array<map>)The updated record state for the finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
RelatedFindingsProductArn— (Array<map>)The ARN of the solution that generated a related finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
RelatedFindingsId— (Array<map>)The solution-generated identifier for a related finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NoteText— (Array<map>)The text of a note.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NoteUpdatedAt— (Array<map>)The timestamp of when the note was updated.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
NoteUpdatedBy— (Array<map>)The principal that created a note.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
Keyword— (Array<map>)A keyword for a finding.
Value— (String)A value for the keyword.
GroupByAttribute— (String)The attribute by which the insight's findings are grouped. This attribute is used as a findings aggregator for the purposes of viewing and managing multiple related findings under a single operand.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs. Thedataobject has the following properties:InsightArn— (String)The ARN Of the created insight.
-
(AWS.Response)
—
Returns:
createMembers(params = {}, callback) ⇒ AWS.Request
Creates member Security Hub accounts in the current AWS account (which becomes the master Security Hub account) that has Security Hub enabled.
Service Reference:
Examples:
Calling the createMembers operation
var params = {
AccountDetails: [
{
AccountId: 'STRING_VALUE',
Email: 'STRING_VALUE'
},
/* more items */
]
};
securityhub.createMembers(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
-
params
(Object)
(defaults to: {})
—
AccountDetails— (Array<map>)A list of account ID and email address pairs of the accounts that you want to associate with the master Security Hub account.
AccountId— (String)The ID of an AWS account.
Email— (String)The email of an AWS account.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs. Thedataobject has the following properties:UnprocessedAccounts— (Array<map>)A list of account ID and email address pairs of the AWS accounts that could not be processed.
AccountId— (String)An ID of the AWS account that could not be processed.
ProcessingResult— (String)The reason for why an account could not be processed.
-
(AWS.Response)
—
Returns:
declineInvitations(params = {}, callback) ⇒ AWS.Request
Declines invitations that are sent to this AWS account (invitee) by the AWS accounts (inviters) that are specified by the account IDs.
Service Reference:
Examples:
Calling the declineInvitations operation
var params = {
AccountIds: [
'STRING_VALUE',
/* more items */
]
};
securityhub.declineInvitations(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
-
params
(Object)
(defaults to: {})
—
AccountIds— (Array<String>)A list of account IDs specifying accounts whose invitations to Security Hub you want to decline.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs. Thedataobject has the following properties:UnprocessedAccounts— (Array<map>)A list of account ID and email address pairs of the AWS accounts that could not be processed.
AccountId— (String)An ID of the AWS account that could not be processed.
ProcessingResult— (String)The reason for why an account could not be processed.
-
(AWS.Response)
—
Returns:
deleteInsight(params = {}, callback) ⇒ AWS.Request
Deletes an insight that is specified by the insight ARN.
Service Reference:
Examples:
Calling the deleteInsight operation
var params = {
InsightArn: 'STRING_VALUE' /* required */
};
securityhub.deleteInsight(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
-
params
(Object)
(defaults to: {})
—
InsightArn— (String)The ARN of the insight that you want to delete.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs. Thedataobject has the following properties:InsightArn— (String)The ARN of the insight that was deleted.
-
(AWS.Response)
—
Returns:
deleteInvitations(params = {}, callback) ⇒ AWS.Request
Deletes invitations that are sent to this AWS account (invitee) by the AWS accounts (inviters) that are specified by their account IDs.
Service Reference:
Examples:
Calling the deleteInvitations operation
var params = {
AccountIds: [
'STRING_VALUE',
/* more items */
]
};
securityhub.deleteInvitations(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
-
params
(Object)
(defaults to: {})
—
AccountIds— (Array<String>)A list of account IDs specifying accounts whose invitations to Security Hub you want to delete.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs. Thedataobject has the following properties:UnprocessedAccounts— (Array<map>)A list of account ID and email address pairs of the AWS accounts that could not be processed.
AccountId— (String)An ID of the AWS account that could not be processed.
ProcessingResult— (String)The reason for why an account could not be processed.
-
(AWS.Response)
—
Returns:
deleteMembers(params = {}, callback) ⇒ AWS.Request
Deletes the Security Hub member accounts that are specified by the account IDs.
Service Reference:
Examples:
Calling the deleteMembers operation
var params = {
AccountIds: [
'STRING_VALUE',
/* more items */
]
};
securityhub.deleteMembers(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
-
params
(Object)
(defaults to: {})
—
AccountIds— (Array<String>)A list of account IDs of the Security Hub member accounts that you want to delete.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs. Thedataobject has the following properties:UnprocessedAccounts— (Array<map>)A list of account ID and email address pairs of the AWS accounts that could not be processed.
AccountId— (String)An ID of the AWS account that could not be processed.
ProcessingResult— (String)The reason for why an account could not be processed.
-
(AWS.Response)
—
Returns:
disableImportFindingsForProduct(params = {}, callback) ⇒ AWS.Request
Cancels the subscription that allows a findings-generating solution (product) to import its findings into Security Hub.
Service Reference:
Examples:
Calling the disableImportFindingsForProduct operation
var params = {
ProductSubscriptionArn: 'STRING_VALUE' /* required */
};
securityhub.disableImportFindingsForProduct(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
-
params
(Object)
(defaults to: {})
—
ProductSubscriptionArn— (String)The ARN of a resource that represents your subscription to a supported product.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs.
-
(AWS.Response)
—
Returns:
disableSecurityHub(params = {}, callback) ⇒ AWS.Request
Disables the AWS Security Hub Service.
Service Reference:
Examples:
Calling the disableSecurityHub operation
var params = {
};
securityhub.disableSecurityHub(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
- params (Object) (defaults to: {})
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs.
-
(AWS.Response)
—
Returns:
disassociateFromMasterAccount(params = {}, callback) ⇒ AWS.Request
Disassociates the current Security Hub member account from its master account.
Service Reference:
Examples:
Calling the disassociateFromMasterAccount operation
var params = {
};
securityhub.disassociateFromMasterAccount(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
- params (Object) (defaults to: {})
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs.
-
(AWS.Response)
—
Returns:
disassociateMembers(params = {}, callback) ⇒ AWS.Request
Disassociates the Security Hub member accounts that are specified by the account IDs from their master account.
Service Reference:
Examples:
Calling the disassociateMembers operation
var params = {
AccountIds: [
'STRING_VALUE',
/* more items */
]
};
securityhub.disassociateMembers(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
-
params
(Object)
(defaults to: {})
—
AccountIds— (Array<String>)The account IDs of the member accounts that you want to disassociate from the master account.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs.
-
(AWS.Response)
—
Returns:
enableImportFindingsForProduct(params = {}, callback) ⇒ AWS.Request
Sets up the subscription that enables a findings-generating solution (product) to import its findings into Security Hub.
Service Reference:
Examples:
Calling the enableImportFindingsForProduct operation
var params = {
ProductArn: 'STRING_VALUE' /* required */
};
securityhub.enableImportFindingsForProduct(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
-
params
(Object)
(defaults to: {})
—
ProductArn— (String)The ARN of the product that generates findings that you want to import into Security Hub.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs. Thedataobject has the following properties:ProductSubscriptionArn— (String)The ARN of a resource that represents your subscription to the product that generates the findings that you want to import into Security Hub.
-
(AWS.Response)
—
Returns:
enableSecurityHub(params = {}, callback) ⇒ AWS.Request
Enables the AWS Security Hub service.
Service Reference:
Examples:
Calling the enableSecurityHub operation
var params = {
};
securityhub.enableSecurityHub(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
- params (Object) (defaults to: {})
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs.
-
(AWS.Response)
—
Returns:
getEnabledStandards(params = {}, callback) ⇒ AWS.Request
Lists and describes enabled standards.
Service Reference:
Examples:
Calling the getEnabledStandards operation
var params = {
MaxResults: 'NUMBER_VALUE',
NextToken: 'STRING_VALUE',
StandardsSubscriptionArns: [
'STRING_VALUE',
/* more items */
]
};
securityhub.getEnabledStandards(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
-
params
(Object)
(defaults to: {})
—
StandardsSubscriptionArns— (Array<String>)The list of standards subscription ARNS that you want to list and describe.
NextToken— (String)Paginates results. Set the value of this parameter to NULL on your first call to the GetEnabledStandards operation. For subsequent calls to the operation, fill nextToken in the request with the value of nextToken from the previous response to continue listing data.
MaxResults— (Integer)Indicates the maximum number of items that you want in the response.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs. Thedataobject has the following properties:StandardsSubscriptions— (Array<map>)The standards subscription details returned by the operation.
StandardsSubscriptionArn— required — (String)The ARN of a resource that represents your subscription to a supported standard.
StandardsArn— required — (String)The ARN of a standard.
In this release, Security Hub only supports the CIS AWS Foundations standard.
Its ARN is arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0.
StandardsInput— required — (map<String>)StandardsStatus— required — (String)The standard's status.
Possible values include:"PENDING""READY""FAILED""DELETING"
NextToken— (String)The token that is required for pagination.
-
(AWS.Response)
—
Returns:
getFindings(params = {}, callback) ⇒ AWS.Request
Lists and describes Security Hub-aggregated findings that are specified by filter attributes.
Service Reference:
Examples:
Calling the getFindings operation
var params = {
Filters: {
AwsAccountId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
CompanyName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ComplianceStatus: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
Confidence: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
CreatedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
Criticality: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
Description: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
FirstObservedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
GeneratorId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
Id: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
Keyword: [
{
Value: 'STRING_VALUE'
},
/* more items */
],
LastObservedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
MalwareName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
MalwarePath: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
MalwareState: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
MalwareType: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
NetworkDestinationDomain: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
NetworkDestinationIpV4: [
{
Cidr: 'STRING_VALUE'
},
/* more items */
],
NetworkDestinationIpV6: [
{
Cidr: 'STRING_VALUE'
},
/* more items */
],
NetworkDestinationPort: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
NetworkDirection: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
NetworkProtocol: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
NetworkSourceDomain: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
NetworkSourceIpV4: [
{
Cidr: 'STRING_VALUE'
},
/* more items */
],
NetworkSourceIpV6: [
{
Cidr: 'STRING_VALUE'
},
/* more items */
],
NetworkSourceMac: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
NetworkSourcePort: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
NoteText: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
NoteUpdatedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
NoteUpdatedBy: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ProcessLaunchedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
ProcessName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ProcessParentPid: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
ProcessPath: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ProcessPid: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
ProcessTerminatedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
ProductArn: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ProductFields: [
{
Comparison: CONTAINS,
Key: 'STRING_VALUE',
Value: 'STRING_VALUE'
},
/* more items */
],
ProductName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
RecommendationText: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
RecordState: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
RelatedFindingsId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
RelatedFindingsProductArn: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceIamInstanceProfileArn: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceImageId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceIpV4Addresses: [
{
Cidr: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceIpV6Addresses: [
{
Cidr: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceKeyName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceLaunchedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceSubnetId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceType: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceVpcId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsIamAccessKeyCreatedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsIamAccessKeyStatus: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsIamAccessKeyUserName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsS3BucketOwnerId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsS3BucketOwnerName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceContainerImageId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceContainerImageName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceContainerLaunchedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
ResourceContainerName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceDetailsOther: [
{
Comparison: CONTAINS,
Key: 'STRING_VALUE',
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourcePartition: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceRegion: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceTags: [
{
Comparison: CONTAINS,
Key: 'STRING_VALUE',
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceType: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
SeverityLabel: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
SeverityNormalized: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
SeverityProduct: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
SourceUrl: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ThreatIntelIndicatorCategory: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ThreatIntelIndicatorLastObservedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
ThreatIntelIndicatorSource: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ThreatIntelIndicatorSourceUrl: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ThreatIntelIndicatorType: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ThreatIntelIndicatorValue: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
Title: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
Type: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
UpdatedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
UserDefinedFields: [
{
Comparison: CONTAINS,
Key: 'STRING_VALUE',
Value: 'STRING_VALUE'
},
/* more items */
],
VerificationState: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
WorkflowState: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
]
},
MaxResults: 'NUMBER_VALUE',
NextToken: 'STRING_VALUE',
SortCriteria: [
{
Field: 'STRING_VALUE',
SortOrder: asc | desc
},
/* more items */
]
};
securityhub.getFindings(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
-
params
(Object)
(defaults to: {})
—
Filters— (map)A collection of attributes that is use for querying findings.
ProductArn— (Array<map>)The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) once this provider's product (solution that generates findings) is registered with Security Hub.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
AwsAccountId— (Array<map>)The AWS account ID in which a finding is generated.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
Id— (Array<map>)The security findings provider-specific identifier for a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
GeneratorId— (Array<map>)This is the identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security findings provider's solutions, this generator can be called a rule, a check, a detector, a plug-in, etc.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
Type— (Array<map>)A finding type in the format of 'namespace/category/classifier' that classifies a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
FirstObservedAt— (Array<map>)An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings provider.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
LastObservedAt— (Array<map>)An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings provider.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
CreatedAt— (Array<map>)An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was created by the security findings provider.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
UpdatedAt— (Array<map>)An ISO8601-formatted timestamp that indicates when the finding record was last updated by the security findings provider.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
SeverityProduct— (Array<map>)The native severity as defined by the security findings provider's solution that generated the finding.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
SeverityNormalized— (Array<map>)The normalized severity of a finding.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
SeverityLabel— (Array<map>)The label of a finding's severity.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
Confidence— (Array<map>)A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale. 0 equates zero percent confidence and 100 equates to 100 percent confidence.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
Criticality— (Array<map>)The level of importance assigned to the resources associated with the finding. A score of 0 means the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
Title— (Array<map>)A finding's title.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
Description— (Array<map>)A finding's description.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
RecommendationText— (Array<map>)The recommendation of what to do about the issue described in a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
SourceUrl— (Array<map>)A URL that links to a page about the current finding in the security findings provider's solution.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ProductFields— (Array<map>)A data type where security findings providers can include additional solution-specific details that are not part of the defined AwsSecurityFinding format.
Key— (String)The key of the map filter.
Value— (String)The value for the key in the map filter.
Comparison— (String)Represents the condition to be applied to a key value when querying for findings with a map filter.
Possible values include:"CONTAINS"
ProductName— (Array<map>)The name of the solution (product) that generates findings.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
CompanyName— (Array<map>)The name of the findings provider (company) that owns the solution (product) that generates findings.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
UserDefinedFields— (Array<map>)A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
Key— (String)The key of the map filter.
Value— (String)The value for the key in the map filter.
Comparison— (String)Represents the condition to be applied to a key value when querying for findings with a map filter.
Possible values include:"CONTAINS"
MalwareName— (Array<map>)The name of the malware that was observed.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
MalwareType— (Array<map>)The type of the malware that was observed.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
MalwarePath— (Array<map>)The filesystem path of the malware that was observed.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
MalwareState— (Array<map>)The state of the malware that was observed.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NetworkDirection— (Array<map>)Indicates the direction of network traffic associated with a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NetworkProtocol— (Array<map>)The protocol of network-related information about a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NetworkSourceIpV4— (Array<map>)The source IPv4 address of network-related information about a finding.
Cidr— (String)Finding's CIDR value.
NetworkSourceIpV6— (Array<map>)The source IPv6 address of network-related information about a finding.
Cidr— (String)Finding's CIDR value.
NetworkSourcePort— (Array<map>)The source port of network-related information about a finding.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
NetworkSourceDomain— (Array<map>)The source domain of network-related information about a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NetworkSourceMac— (Array<map>)The source media access control (MAC) address of network-related information about a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NetworkDestinationIpV4— (Array<map>)The destination IPv4 address of network-related information about a finding.
Cidr— (String)Finding's CIDR value.
NetworkDestinationIpV6— (Array<map>)The destination IPv6 address of network-related information about a finding.
Cidr— (String)Finding's CIDR value.
NetworkDestinationPort— (Array<map>)The destination port of network-related information about a finding.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
NetworkDestinationDomain— (Array<map>)The destination domain of network-related information about a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ProcessName— (Array<map>)The name of the process.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ProcessPath— (Array<map>)The path to the process executable.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ProcessPid— (Array<map>)The process ID.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
ProcessParentPid— (Array<map>)The parent process ID.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
ProcessLaunchedAt— (Array<map>)The date/time that the process was launched.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ProcessTerminatedAt— (Array<map>)The date/time that the process was terminated.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ThreatIntelIndicatorType— (Array<map>)The type of a threat intel indicator.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ThreatIntelIndicatorValue— (Array<map>)The value of a threat intel indicator.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ThreatIntelIndicatorCategory— (Array<map>)The category of a threat intel indicator.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ThreatIntelIndicatorLastObservedAt— (Array<map>)The date/time of the last observation of a threat intel indicator.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ThreatIntelIndicatorSource— (Array<map>)The source of the threat intel.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ThreatIntelIndicatorSourceUrl— (Array<map>)The URL for more details from the source of the threat intel.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceType— (Array<map>)Specifies the type of the resource for which details are provided.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceId— (Array<map>)The canonical identifier for the given resource type.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourcePartition— (Array<map>)The canonical AWS partition name to which the region is assigned.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceRegion— (Array<map>)The canonical AWS external region name where this resource is located.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceTags— (Array<map>)A list of AWS tags associated with a resource at the time the finding was processed.
Key— (String)The key of the map filter.
Value— (String)The value for the key in the map filter.
Comparison— (String)Represents the condition to be applied to a key value when querying for findings with a map filter.
Possible values include:"CONTAINS"
ResourceAwsEc2InstanceType— (Array<map>)The instance type of the instance.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceImageId— (Array<map>)The Amazon Machine Image (AMI) ID of the instance.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceIpV4Addresses— (Array<map>)The IPv4 addresses associated with the instance.
Cidr— (String)Finding's CIDR value.
ResourceAwsEc2InstanceIpV6Addresses— (Array<map>)The IPv6 addresses associated with the instance.
Cidr— (String)Finding's CIDR value.
ResourceAwsEc2InstanceKeyName— (Array<map>)The key name associated with the instance.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceIamInstanceProfileArn— (Array<map>)The IAM profile ARN of the instance.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceVpcId— (Array<map>)The identifier of the VPC in which the instance was launched.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceSubnetId— (Array<map>)The identifier of the subnet in which the instance was launched.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceLaunchedAt— (Array<map>)The date/time the instance was launched.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ResourceAwsS3BucketOwnerId— (Array<map>)The canonical user ID of the owner of the S3 bucket.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsS3BucketOwnerName— (Array<map>)The display name of the owner of the S3 bucket.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsIamAccessKeyUserName— (Array<map>)The user associated with the IAM access key related to a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsIamAccessKeyStatus— (Array<map>)The status of the IAM access key related to a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsIamAccessKeyCreatedAt— (Array<map>)The creation date/time of the IAM access key related to a finding.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ResourceContainerName— (Array<map>)The name of the container related to a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceContainerImageId— (Array<map>)The identifier of the image related to a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceContainerImageName— (Array<map>)The name of the image related to a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceContainerLaunchedAt— (Array<map>)The date/time that the container was started.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ResourceDetailsOther— (Array<map>)The details of a resource that does not have a specific sub-field for the resource type defined.
Key— (String)The key of the map filter.
Value— (String)The value for the key in the map filter.
Comparison— (String)Represents the condition to be applied to a key value when querying for findings with a map filter.
Possible values include:"CONTAINS"
ComplianceStatus— (Array<map>)Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard (for example, AWS CIS Foundations). Contains compliance-related finding details.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
VerificationState— (Array<map>)Indicates the veracity of a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
WorkflowState— (Array<map>)The workflow state of a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
RecordState— (Array<map>)The updated record state for the finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
RelatedFindingsProductArn— (Array<map>)The ARN of the solution that generated a related finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
RelatedFindingsId— (Array<map>)The solution-generated identifier for a related finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NoteText— (Array<map>)The text of a note.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NoteUpdatedAt— (Array<map>)The timestamp of when the note was updated.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
NoteUpdatedBy— (Array<map>)The principal that created a note.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
Keyword— (Array<map>)A keyword for a finding.
Value— (String)A value for the keyword.
SortCriteria— (Array<map>)A collection of attributes used for sorting findings.
Field— (String)The finding attribute used for sorting findings.
SortOrder— (String)The order used for sorting findings.
Possible values include:"asc""desc"
NextToken— (String)Paginates results. Set the value of this parameter to NULL on your first call to the GetFindings operation. For subsequent calls to the operation, fill nextToken in the request with the value of nextToken from the previous response to continue listing data.
MaxResults— (Integer)Indicates the maximum number of items that you want in the response.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs. Thedataobject has the following properties:Findings— (Array<map>)Findings details returned by the operation.
SchemaVersion— required — (String)The schema version for which a finding is formatted.
Id— required — (String)The security findings provider-specific identifier for a finding.
ProductArn— required — (String)The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) once this provider's product (solution that generates findings) is registered with Security Hub.
GeneratorId— required — (String)This is the identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security findings provider's solutions, this generator can be called a rule, a check, a detector, a plug-in, etc.
AwsAccountId— required — (String)The AWS account ID in which a finding is generated.
Types— required — (Array<String>)One or more finding types in the format of 'namespace/category/classifier' that classify a finding.
Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications
FirstObservedAt— (String)An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings provider.
LastObservedAt— (String)An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings provider.
CreatedAt— required — (String)An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was created by the security findings provider.
UpdatedAt— required — (String)An ISO8601-formatted timestamp that indicates when the finding record was last updated by the security findings provider.
Severity— required — (map)A finding's severity.
Product— (Float)The native severity as defined by the security findings provider's solution that generated the finding.
Normalized— required — (Integer)The normalized severity of a finding.
Confidence— (Integer)A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale. 0 equates zero percent confidence and 100 equates to 100 percent confidence.
Criticality— (Integer)The level of importance assigned to the resources associated with the finding. A score of 0 means the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
Title— (String)A finding's title.
Note: In this release, Title is a required property.Description— (String)A finding's description.
Note: In this release, Description is a required property.Remediation— (map)An data type that describes the remediation options for a finding.
Recommendation— (map)Provides a recommendation on how to remediate the issue identified within a finding.
Text— (String)The recommendation of what to do about the issue described in a finding.
Url— (String)A URL to link to general remediation information for the finding type of a finding.
SourceUrl— (String)A URL that links to a page about the current finding in the security findings provider's solution.
ProductFields— (map<String>)A data type where security findings providers can include additional solution-specific details that are not part of the defined AwsSecurityFinding format.
UserDefinedFields— (map<String>)A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
Malware— (Array<map>)A list of malware related to a finding.
Name— required — (String)The name of the malware that was observed.
Type— (String)The type of the malware that was observed.
Possible values include:"ADWARE""BLENDED_THREAT""BOTNET_AGENT""COIN_MINER""EXPLOIT_KIT""KEYLOGGER""MACRO""POTENTIALLY_UNWANTED""SPYWARE""RANSOMWARE""REMOTE_ACCESS""ROOTKIT""TROJAN""VIRUS""WORM"
Path— (String)The filesystem path of the malware that was observed.
State— (String)The state of the malware that was observed.
Possible values include:"OBSERVED""REMOVAL_FAILED""REMOVED"
Network— (map)The details of network-related information about a finding.
Direction— (String)Indicates the direction of network traffic associated with a finding.
Possible values include:"IN""OUT"
Protocol— (String)The protocol of network-related information about a finding.
SourceIpV4— (String)The source IPv4 address of network-related information about a finding.
SourceIpV6— (String)The source IPv6 address of network-related information about a finding.
SourcePort— (Integer)The source port of network-related information about a finding.
SourceDomain— (String)The source domain of network-related information about a finding.
SourceMac— (String)The source media access control (MAC) address of network-related information about a finding.
DestinationIpV4— (String)The destination IPv4 address of network-related information about a finding.
DestinationIpV6— (String)The destination IPv6 address of network-related information about a finding.
DestinationPort— (Integer)The destination port of network-related information about a finding.
DestinationDomain— (String)The destination domain of network-related information about a finding.
Process— (map)The details of process-related information about a finding.
Name— (String)The name of the process.
Path— (String)The path to the process executable.
Pid— (Integer)The process ID.
ParentPid— (Integer)The parent process ID.
LaunchedAt— (String)The date/time that the process was launched.
TerminatedAt— (String)The date/time that the process was terminated.
ThreatIntelIndicators— (Array<map>)Threat intel details related to a finding.
Type— (String)The type of a threat intel indicator.
Possible values include:"DOMAIN""EMAIL_ADDRESS""HASH_MD5""HASH_SHA1""HASH_SHA256""HASH_SHA512""IPV4_ADDRESS""IPV6_ADDRESS""MUTEX""PROCESS""URL"
Value— (String)The value of a threat intel indicator.
Category— (String)The category of a threat intel indicator.
Possible values include:"BACKDOOR""CARD_STEALER""COMMAND_AND_CONTROL""DROP_SITE""EXPLOIT_SITE""KEYLOGGER"
LastObservedAt— (String)The date/time of the last observation of a threat intel indicator.
Source— (String)The source of the threat intel.
SourceUrl— (String)The URL for more details from the source of the threat intel.
Resources— required — (Array<map>)A set of resource data types that describe the resources to which the finding refers.
Type— required — (String)Specifies the type of the resource for which details are provided.
Id— required — (String)The canonical identifier for the given resource type.
Partition— (String)The canonical AWS partition name to which the region is assigned.
Possible values include:"aws""aws-cn""aws-us-gov"
Region— (String)The canonical AWS external region name where this resource is located.
Tags— (map<String>)A list of AWS tags associated with a resource at the time the finding was processed.
Details— (map)Provides additional details about the resource.
AwsEc2Instance— (map)The details of an AWS EC2 instance.
Type— (String)The instance type of the instance.
ImageId— (String)The Amazon Machine Image (AMI) ID of the instance.
IpV4Addresses— (Array<String>)The IPv4 addresses associated with the instance.
IpV6Addresses— (Array<String>)The IPv6 addresses associated with the instance.
KeyName— (String)The key name associated with the instance.
IamInstanceProfileArn— (String)The IAM profile ARN of the instance.
VpcId— (String)The identifier of the VPC in which the instance was launched.
SubnetId— (String)The identifier of the subnet in which the instance was launched.
LaunchedAt— (String)The date/time the instance was launched.
AwsS3Bucket— (map)The details of an AWS S3 Bucket.
OwnerId— (String)The canonical user ID of the owner of the S3 bucket.
OwnerName— (String)The display name of the owner of the S3 bucket.
AwsIamAccessKey— (map)AWS IAM access key details related to a finding.
UserName— (String)The user associated with the IAM access key related to a finding.
Status— (String)The status of the IAM access key related to a finding.
Possible values include:"Active""Inactive"
CreatedAt— (String)The creation date/time of the IAM access key related to a finding.
Container— (map)Container details related to a finding.
Name— (String)The name of the container related to a finding.
ImageId— (String)The identifier of the image related to a finding.
ImageName— (String)The name of the image related to a finding.
LaunchedAt— (String)The date/time that the container was started.
Other— (map<String>)The details of a resource that does not have a specific sub-field for the resource type defined.
Compliance— (map)This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard (for example, AWS CIS Foundations). Contains compliance-related finding details.
Status— (String)Indicates the result of a compliance check.
Possible values include:"PASSED""WARNING""FAILED""NOT_AVAILABLE"
VerificationState— (String)Indicates the veracity of a finding.
Possible values include:"UNKNOWN""TRUE_POSITIVE""FALSE_POSITIVE""BENIGN_POSITIVE"
WorkflowState— (String)The workflow state of a finding.
Possible values include:"NEW""ASSIGNED""IN_PROGRESS""DEFERRED""RESOLVED"
RecordState— (String)The record state of a finding.
Possible values include:"ACTIVE""ARCHIVED"
RelatedFindings— (Array<map>)A list of related findings.
ProductArn— required — (String)The ARN of the solution that generated a related finding.
Id— required — (String)The solution-generated identifier for a related finding.
Note— (map)A user-defined note added to a finding.
Text— required — (String)The text of a note.
UpdatedBy— required — (String)The principal that created a note.
UpdatedAt— required — (String)The timestamp of when the note was updated.
NextToken— (String)The token that is required for pagination.
-
(AWS.Response)
—
Returns:
getInsightResults(params = {}, callback) ⇒ AWS.Request
Lists the results of the Security Hub insight specified by the insight ARN.
Service Reference:
Examples:
Calling the getInsightResults operation
var params = {
InsightArn: 'STRING_VALUE' /* required */
};
securityhub.getInsightResults(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
-
params
(Object)
(defaults to: {})
—
InsightArn— (String)The ARN of the insight whose results you want to see.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs. Thedataobject has the following properties:InsightResults— (map)The insight results returned by the operation.
InsightArn— required — (String)The ARN of the insight whose results are returned by the GetInsightResults operation.
GroupByAttribute— required — (String)The attribute by which the findings are grouped for the insight's whose results are returned by the GetInsightResults operation.
ResultValues— required — (Array<map>)The list of insight result values returned by the GetInsightResults operation.
GroupByAttributeValue— required — (String)The value of the attribute by which the findings are grouped for the insight's whose results are returned by the GetInsightResults operation.
Count— required — (Integer)The number of findings returned for each GroupByAttributeValue.
-
(AWS.Response)
—
Returns:
getInsights(params = {}, callback) ⇒ AWS.Request
Lists and describes insights that are specified by insight ARNs.
Service Reference:
Examples:
Calling the getInsights operation
var params = {
InsightArns: [
'STRING_VALUE',
/* more items */
],
MaxResults: 'NUMBER_VALUE',
NextToken: 'STRING_VALUE'
};
securityhub.getInsights(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
-
params
(Object)
(defaults to: {})
—
InsightArns— (Array<String>)The ARNS of the insights that you want to describe.
NextToken— (String)Paginates results. Set the value of this parameter to NULL on your first call to the GetInsights operation. For subsequent calls to the operation, fill nextToken in the request with the value of nextToken from the previous response to continue listing data.
MaxResults— (Integer)Indicates the maximum number of items that you want in the response.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs. Thedataobject has the following properties:Insights— (Array<map>)The insights returned by the operation.
InsightArn— required — (String)The ARN of a Security Hub insight.
Name— required — (String)The name of a Security Hub insight.
Filters— required — (map)A collection of attributes that are applied to all active Security Hub-aggregated findings and that result in a subset of findings that are included in this insight.
ProductArn— (Array<map>)The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) once this provider's product (solution that generates findings) is registered with Security Hub.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
AwsAccountId— (Array<map>)The AWS account ID in which a finding is generated.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
Id— (Array<map>)The security findings provider-specific identifier for a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
GeneratorId— (Array<map>)This is the identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security findings provider's solutions, this generator can be called a rule, a check, a detector, a plug-in, etc.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
Type— (Array<map>)A finding type in the format of 'namespace/category/classifier' that classifies a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
FirstObservedAt— (Array<map>)An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings provider.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
LastObservedAt— (Array<map>)An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings provider.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
CreatedAt— (Array<map>)An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was created by the security findings provider.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
UpdatedAt— (Array<map>)An ISO8601-formatted timestamp that indicates when the finding record was last updated by the security findings provider.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
SeverityProduct— (Array<map>)The native severity as defined by the security findings provider's solution that generated the finding.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
SeverityNormalized— (Array<map>)The normalized severity of a finding.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
SeverityLabel— (Array<map>)The label of a finding's severity.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
Confidence— (Array<map>)A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale. 0 equates zero percent confidence and 100 equates to 100 percent confidence.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
Criticality— (Array<map>)The level of importance assigned to the resources associated with the finding. A score of 0 means the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
Title— (Array<map>)A finding's title.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
Description— (Array<map>)A finding's description.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
RecommendationText— (Array<map>)The recommendation of what to do about the issue described in a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
SourceUrl— (Array<map>)A URL that links to a page about the current finding in the security findings provider's solution.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ProductFields— (Array<map>)A data type where security findings providers can include additional solution-specific details that are not part of the defined AwsSecurityFinding format.
Key— (String)The key of the map filter.
Value— (String)The value for the key in the map filter.
Comparison— (String)Represents the condition to be applied to a key value when querying for findings with a map filter.
Possible values include:"CONTAINS"
ProductName— (Array<map>)The name of the solution (product) that generates findings.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
CompanyName— (Array<map>)The name of the findings provider (company) that owns the solution (product) that generates findings.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
UserDefinedFields— (Array<map>)A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
Key— (String)The key of the map filter.
Value— (String)The value for the key in the map filter.
Comparison— (String)Represents the condition to be applied to a key value when querying for findings with a map filter.
Possible values include:"CONTAINS"
MalwareName— (Array<map>)The name of the malware that was observed.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
MalwareType— (Array<map>)The type of the malware that was observed.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
MalwarePath— (Array<map>)The filesystem path of the malware that was observed.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
MalwareState— (Array<map>)The state of the malware that was observed.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NetworkDirection— (Array<map>)Indicates the direction of network traffic associated with a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NetworkProtocol— (Array<map>)The protocol of network-related information about a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NetworkSourceIpV4— (Array<map>)The source IPv4 address of network-related information about a finding.
Cidr— (String)Finding's CIDR value.
NetworkSourceIpV6— (Array<map>)The source IPv6 address of network-related information about a finding.
Cidr— (String)Finding's CIDR value.
NetworkSourcePort— (Array<map>)The source port of network-related information about a finding.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
NetworkSourceDomain— (Array<map>)The source domain of network-related information about a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NetworkSourceMac— (Array<map>)The source media access control (MAC) address of network-related information about a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NetworkDestinationIpV4— (Array<map>)The destination IPv4 address of network-related information about a finding.
Cidr— (String)Finding's CIDR value.
NetworkDestinationIpV6— (Array<map>)The destination IPv6 address of network-related information about a finding.
Cidr— (String)Finding's CIDR value.
NetworkDestinationPort— (Array<map>)The destination port of network-related information about a finding.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
NetworkDestinationDomain— (Array<map>)The destination domain of network-related information about a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ProcessName— (Array<map>)The name of the process.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ProcessPath— (Array<map>)The path to the process executable.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ProcessPid— (Array<map>)The process ID.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
ProcessParentPid— (Array<map>)The parent process ID.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
ProcessLaunchedAt— (Array<map>)The date/time that the process was launched.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ProcessTerminatedAt— (Array<map>)The date/time that the process was terminated.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ThreatIntelIndicatorType— (Array<map>)The type of a threat intel indicator.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ThreatIntelIndicatorValue— (Array<map>)The value of a threat intel indicator.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ThreatIntelIndicatorCategory— (Array<map>)The category of a threat intel indicator.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ThreatIntelIndicatorLastObservedAt— (Array<map>)The date/time of the last observation of a threat intel indicator.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ThreatIntelIndicatorSource— (Array<map>)The source of the threat intel.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ThreatIntelIndicatorSourceUrl— (Array<map>)The URL for more details from the source of the threat intel.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceType— (Array<map>)Specifies the type of the resource for which details are provided.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceId— (Array<map>)The canonical identifier for the given resource type.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourcePartition— (Array<map>)The canonical AWS partition name to which the region is assigned.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceRegion— (Array<map>)The canonical AWS external region name where this resource is located.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceTags— (Array<map>)A list of AWS tags associated with a resource at the time the finding was processed.
Key— (String)The key of the map filter.
Value— (String)The value for the key in the map filter.
Comparison— (String)Represents the condition to be applied to a key value when querying for findings with a map filter.
Possible values include:"CONTAINS"
ResourceAwsEc2InstanceType— (Array<map>)The instance type of the instance.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceImageId— (Array<map>)The Amazon Machine Image (AMI) ID of the instance.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceIpV4Addresses— (Array<map>)The IPv4 addresses associated with the instance.
Cidr— (String)Finding's CIDR value.
ResourceAwsEc2InstanceIpV6Addresses— (Array<map>)The IPv6 addresses associated with the instance.
Cidr— (String)Finding's CIDR value.
ResourceAwsEc2InstanceKeyName— (Array<map>)The key name associated with the instance.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceIamInstanceProfileArn— (Array<map>)The IAM profile ARN of the instance.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceVpcId— (Array<map>)The identifier of the VPC in which the instance was launched.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceSubnetId— (Array<map>)The identifier of the subnet in which the instance was launched.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceLaunchedAt— (Array<map>)The date/time the instance was launched.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ResourceAwsS3BucketOwnerId— (Array<map>)The canonical user ID of the owner of the S3 bucket.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsS3BucketOwnerName— (Array<map>)The display name of the owner of the S3 bucket.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsIamAccessKeyUserName— (Array<map>)The user associated with the IAM access key related to a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsIamAccessKeyStatus— (Array<map>)The status of the IAM access key related to a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsIamAccessKeyCreatedAt— (Array<map>)The creation date/time of the IAM access key related to a finding.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ResourceContainerName— (Array<map>)The name of the container related to a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceContainerImageId— (Array<map>)The identifier of the image related to a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceContainerImageName— (Array<map>)The name of the image related to a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceContainerLaunchedAt— (Array<map>)The date/time that the container was started.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ResourceDetailsOther— (Array<map>)The details of a resource that does not have a specific sub-field for the resource type defined.
Key— (String)The key of the map filter.
Value— (String)The value for the key in the map filter.
Comparison— (String)Represents the condition to be applied to a key value when querying for findings with a map filter.
Possible values include:"CONTAINS"
ComplianceStatus— (Array<map>)Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard (for example, AWS CIS Foundations). Contains compliance-related finding details.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
VerificationState— (Array<map>)Indicates the veracity of a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
WorkflowState— (Array<map>)The workflow state of a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
RecordState— (Array<map>)The updated record state for the finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
RelatedFindingsProductArn— (Array<map>)The ARN of the solution that generated a related finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
RelatedFindingsId— (Array<map>)The solution-generated identifier for a related finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NoteText— (Array<map>)The text of a note.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NoteUpdatedAt— (Array<map>)The timestamp of when the note was updated.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
NoteUpdatedBy— (Array<map>)The principal that created a note.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
Keyword— (Array<map>)A keyword for a finding.
Value— (String)A value for the keyword.
GroupByAttribute— required — (String)The attribute by which the insight's findings are grouped. This attribute is used as a findings aggregator for the purposes of viewing and managing multiple related findings under a single operand.
NextToken— (String)The token that is required for pagination.
-
(AWS.Response)
—
Returns:
getInvitationsCount(params = {}, callback) ⇒ AWS.Request
Returns the count of all Security Hub membership invitations that were sent to the current member account, not including the currently accepted invitation.
Service Reference:
Examples:
Calling the getInvitationsCount operation
var params = {
};
securityhub.getInvitationsCount(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
- params (Object) (defaults to: {})
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs. Thedataobject has the following properties:InvitationsCount— (Integer)The number of all membership invitations sent to this Security Hub member account, not including the currently accepted invitation.
-
(AWS.Response)
—
Returns:
getMasterAccount(params = {}, callback) ⇒ AWS.Request
Provides the details for the Security Hub master account to the current member account.
Service Reference:
Examples:
Calling the getMasterAccount operation
var params = {
};
securityhub.getMasterAccount(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
- params (Object) (defaults to: {})
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs. Thedataobject has the following properties:Master— (map)A list of details about the Security Hub master account for the current member account.
AccountId— (String)The account ID of the master Security Hub account who sent the invitation.
InvitationId— (String)The ID of the invitation sent by the master Security Hub account.
InvitedAt— (Date)The timestamp of when the invitation was sent.
MemberStatus— (String)The current relationship status between the inviter and invitee accounts.
-
(AWS.Response)
—
Returns:
getMembers(params = {}, callback) ⇒ AWS.Request
Returns the details on the Security Hub member accounts that are specified by the account IDs.
Service Reference:
Examples:
Calling the getMembers operation
var params = {
AccountIds: [ /* required */
'STRING_VALUE',
/* more items */
]
};
securityhub.getMembers(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
-
params
(Object)
(defaults to: {})
—
AccountIds— (Array<String>)A list of account IDs for the Security Hub member accounts on which you want to return the details.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs. Thedataobject has the following properties:Members— (Array<map>)A list of details about the Security Hub member accounts.
AccountId— (String)The AWS account ID of a Security Hub member account.
Email— (String)The email of a Security Hub member account.
MasterId— (String)The AWS account ID of the master Security Hub account to this member account.
MemberStatus— (String)The status of the relationship between the member account and its master account.
InvitedAt— (Date)Time stamp at which the member account was invited to Security Hub.
UpdatedAt— (Date)Time stamp at which this member account was updated.
UnprocessedAccounts— (Array<map>)A list of account ID and email address pairs of the AWS accounts that could not be processed.
AccountId— (String)An ID of the AWS account that could not be processed.
ProcessingResult— (String)The reason for why an account could not be processed.
-
(AWS.Response)
—
Returns:
inviteMembers(params = {}, callback) ⇒ AWS.Request
Invites other AWS accounts to enable Security Hub and become Security Hub member accounts. When an account accepts the invitation and becomes a member account, the master account can view Security Hub findings of the member account.
Service Reference:
Examples:
Calling the inviteMembers operation
var params = {
AccountIds: [
'STRING_VALUE',
/* more items */
]
};
securityhub.inviteMembers(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
-
params
(Object)
(defaults to: {})
—
AccountIds— (Array<String>)A list of IDs of the AWS accounts that you want to invite to Security Hub as members.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs. Thedataobject has the following properties:UnprocessedAccounts— (Array<map>)A list of account ID and email address pairs of the AWS accounts that could not be processed.
AccountId— (String)An ID of the AWS account that could not be processed.
ProcessingResult— (String)The reason for why an account could not be processed.
-
(AWS.Response)
—
Returns:
listEnabledProductsForImport(params = {}, callback) ⇒ AWS.Request
Lists all findings-generating solutions (products) whose findings you've subscribed to receive in Security Hub.
Service Reference:
Examples:
Calling the listEnabledProductsForImport operation
var params = {
MaxResults: 'NUMBER_VALUE',
NextToken: 'STRING_VALUE'
};
securityhub.listEnabledProductsForImport(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
-
params
(Object)
(defaults to: {})
—
NextToken— (String)Paginates results. Set the value of this parameter to NULL on your first call to the ListEnabledProductsForImport operation. For subsequent calls to the operation, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
MaxResults— (Integer)Indicates the maximum number of items that you want in the response.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs. Thedataobject has the following properties:ProductSubscriptions— (Array<String>)A list of ARNs for the resources that represent your subscriptions to products.
NextToken— (String)The token that is required for pagination.
-
(AWS.Response)
—
Returns:
listInvitations(params = {}, callback) ⇒ AWS.Request
Lists all Security Hub membership invitations that were sent to the current AWS account.
Service Reference:
Examples:
Calling the listInvitations operation
var params = {
MaxResults: 'NUMBER_VALUE',
NextToken: 'STRING_VALUE'
};
securityhub.listInvitations(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
-
params
(Object)
(defaults to: {})
—
MaxResults— (Integer)Indicates the maximum number of items that you want in the response.
NextToken— (String)Paginates results. Set the value of this parameter to NULL on your first call to the ListInvitations operation. For subsequent calls to the operation, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs. Thedataobject has the following properties:Invitations— (Array<map>)The details of the invitations returned by the operation.
AccountId— (String)The account ID of the master Security Hub account who sent the invitation.
InvitationId— (String)The ID of the invitation sent by the master Security Hub account.
InvitedAt— (Date)The timestamp of when the invitation was sent.
MemberStatus— (String)The current relationship status between the inviter and invitee accounts.
NextToken— (String)The token that is required for pagination.
-
(AWS.Response)
—
Returns:
listMembers(params = {}, callback) ⇒ AWS.Request
Lists details about all member accounts for the current Security Hub master account.
Service Reference:
Examples:
Calling the listMembers operation
var params = {
MaxResults: 'NUMBER_VALUE',
NextToken: 'STRING_VALUE',
OnlyAssociated: true || false
};
securityhub.listMembers(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
-
params
(Object)
(defaults to: {})
—
OnlyAssociated— (Boolean)Specifies what member accounts the response includes based on their relationship status with the master account. The default value is TRUE. If onlyAssociated is set to TRUE, the response includes member accounts whose relationship status with the master is set to ENABLED or DISABLED. If onlyAssociated is set to FALSE, the response includes all existing member accounts.
MaxResults— (Integer)Indicates the maximum number of items that you want in the response.
NextToken— (String)Paginates results. Set the value of this parameter to NULL on your first call to the ListMembers operation. For subsequent calls to the operation, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs. Thedataobject has the following properties:Members— (Array<map>)Member details returned by the operation.
AccountId— (String)The AWS account ID of a Security Hub member account.
Email— (String)The email of a Security Hub member account.
MasterId— (String)The AWS account ID of the master Security Hub account to this member account.
MemberStatus— (String)The status of the relationship between the member account and its master account.
InvitedAt— (Date)Time stamp at which the member account was invited to Security Hub.
UpdatedAt— (Date)Time stamp at which this member account was updated.
NextToken— (String)The token that is required for pagination.
-
(AWS.Response)
—
Returns:
updateFindings(params = {}, callback) ⇒ AWS.Request
Updates the AWS Security Hub-aggregated findings specified by the filter attributes.
Service Reference:
Examples:
Calling the updateFindings operation
var params = {
Filters: { /* required */
AwsAccountId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
CompanyName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ComplianceStatus: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
Confidence: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
CreatedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
Criticality: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
Description: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
FirstObservedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
GeneratorId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
Id: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
Keyword: [
{
Value: 'STRING_VALUE'
},
/* more items */
],
LastObservedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
MalwareName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
MalwarePath: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
MalwareState: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
MalwareType: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
NetworkDestinationDomain: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
NetworkDestinationIpV4: [
{
Cidr: 'STRING_VALUE'
},
/* more items */
],
NetworkDestinationIpV6: [
{
Cidr: 'STRING_VALUE'
},
/* more items */
],
NetworkDestinationPort: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
NetworkDirection: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
NetworkProtocol: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
NetworkSourceDomain: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
NetworkSourceIpV4: [
{
Cidr: 'STRING_VALUE'
},
/* more items */
],
NetworkSourceIpV6: [
{
Cidr: 'STRING_VALUE'
},
/* more items */
],
NetworkSourceMac: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
NetworkSourcePort: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
NoteText: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
NoteUpdatedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
NoteUpdatedBy: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ProcessLaunchedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
ProcessName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ProcessParentPid: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
ProcessPath: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ProcessPid: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
ProcessTerminatedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
ProductArn: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ProductFields: [
{
Comparison: CONTAINS,
Key: 'STRING_VALUE',
Value: 'STRING_VALUE'
},
/* more items */
],
ProductName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
RecommendationText: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
RecordState: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
RelatedFindingsId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
RelatedFindingsProductArn: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceIamInstanceProfileArn: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceImageId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceIpV4Addresses: [
{
Cidr: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceIpV6Addresses: [
{
Cidr: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceKeyName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceLaunchedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceSubnetId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceType: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceVpcId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsIamAccessKeyCreatedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsIamAccessKeyStatus: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsIamAccessKeyUserName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsS3BucketOwnerId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsS3BucketOwnerName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceContainerImageId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceContainerImageName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceContainerLaunchedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
ResourceContainerName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceDetailsOther: [
{
Comparison: CONTAINS,
Key: 'STRING_VALUE',
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourcePartition: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceRegion: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceTags: [
{
Comparison: CONTAINS,
Key: 'STRING_VALUE',
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceType: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
SeverityLabel: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
SeverityNormalized: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
SeverityProduct: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
SourceUrl: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ThreatIntelIndicatorCategory: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ThreatIntelIndicatorLastObservedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
ThreatIntelIndicatorSource: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ThreatIntelIndicatorSourceUrl: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ThreatIntelIndicatorType: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ThreatIntelIndicatorValue: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
Title: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
Type: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
UpdatedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
UserDefinedFields: [
{
Comparison: CONTAINS,
Key: 'STRING_VALUE',
Value: 'STRING_VALUE'
},
/* more items */
],
VerificationState: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
WorkflowState: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
]
},
Note: {
Text: 'STRING_VALUE', /* required */
UpdatedBy: 'STRING_VALUE' /* required */
},
RecordState: ACTIVE | ARCHIVED
};
securityhub.updateFindings(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
-
params
(Object)
(defaults to: {})
—
Filters— (map)A collection of attributes that specify what findings you want to update.
ProductArn— (Array<map>)The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) once this provider's product (solution that generates findings) is registered with Security Hub.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
AwsAccountId— (Array<map>)The AWS account ID in which a finding is generated.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
Id— (Array<map>)The security findings provider-specific identifier for a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
GeneratorId— (Array<map>)This is the identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security findings provider's solutions, this generator can be called a rule, a check, a detector, a plug-in, etc.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
Type— (Array<map>)A finding type in the format of 'namespace/category/classifier' that classifies a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
FirstObservedAt— (Array<map>)An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings provider.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
LastObservedAt— (Array<map>)An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings provider.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
CreatedAt— (Array<map>)An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was created by the security findings provider.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
UpdatedAt— (Array<map>)An ISO8601-formatted timestamp that indicates when the finding record was last updated by the security findings provider.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
SeverityProduct— (Array<map>)The native severity as defined by the security findings provider's solution that generated the finding.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
SeverityNormalized— (Array<map>)The normalized severity of a finding.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
SeverityLabel— (Array<map>)The label of a finding's severity.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
Confidence— (Array<map>)A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale. 0 equates zero percent confidence and 100 equates to 100 percent confidence.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
Criticality— (Array<map>)The level of importance assigned to the resources associated with the finding. A score of 0 means the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
Title— (Array<map>)A finding's title.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
Description— (Array<map>)A finding's description.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
RecommendationText— (Array<map>)The recommendation of what to do about the issue described in a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
SourceUrl— (Array<map>)A URL that links to a page about the current finding in the security findings provider's solution.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ProductFields— (Array<map>)A data type where security findings providers can include additional solution-specific details that are not part of the defined AwsSecurityFinding format.
Key— (String)The key of the map filter.
Value— (String)The value for the key in the map filter.
Comparison— (String)Represents the condition to be applied to a key value when querying for findings with a map filter.
Possible values include:"CONTAINS"
ProductName— (Array<map>)The name of the solution (product) that generates findings.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
CompanyName— (Array<map>)The name of the findings provider (company) that owns the solution (product) that generates findings.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
UserDefinedFields— (Array<map>)A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
Key— (String)The key of the map filter.
Value— (String)The value for the key in the map filter.
Comparison— (String)Represents the condition to be applied to a key value when querying for findings with a map filter.
Possible values include:"CONTAINS"
MalwareName— (Array<map>)The name of the malware that was observed.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
MalwareType— (Array<map>)The type of the malware that was observed.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
MalwarePath— (Array<map>)The filesystem path of the malware that was observed.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
MalwareState— (Array<map>)The state of the malware that was observed.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NetworkDirection— (Array<map>)Indicates the direction of network traffic associated with a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NetworkProtocol— (Array<map>)The protocol of network-related information about a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NetworkSourceIpV4— (Array<map>)The source IPv4 address of network-related information about a finding.
Cidr— (String)Finding's CIDR value.
NetworkSourceIpV6— (Array<map>)The source IPv6 address of network-related information about a finding.
Cidr— (String)Finding's CIDR value.
NetworkSourcePort— (Array<map>)The source port of network-related information about a finding.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
NetworkSourceDomain— (Array<map>)The source domain of network-related information about a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NetworkSourceMac— (Array<map>)The source media access control (MAC) address of network-related information about a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NetworkDestinationIpV4— (Array<map>)The destination IPv4 address of network-related information about a finding.
Cidr— (String)Finding's CIDR value.
NetworkDestinationIpV6— (Array<map>)The destination IPv6 address of network-related information about a finding.
Cidr— (String)Finding's CIDR value.
NetworkDestinationPort— (Array<map>)The destination port of network-related information about a finding.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
NetworkDestinationDomain— (Array<map>)The destination domain of network-related information about a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ProcessName— (Array<map>)The name of the process.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ProcessPath— (Array<map>)The path to the process executable.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ProcessPid— (Array<map>)The process ID.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
ProcessParentPid— (Array<map>)The parent process ID.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
ProcessLaunchedAt— (Array<map>)The date/time that the process was launched.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ProcessTerminatedAt— (Array<map>)The date/time that the process was terminated.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ThreatIntelIndicatorType— (Array<map>)The type of a threat intel indicator.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ThreatIntelIndicatorValue— (Array<map>)The value of a threat intel indicator.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ThreatIntelIndicatorCategory— (Array<map>)The category of a threat intel indicator.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ThreatIntelIndicatorLastObservedAt— (Array<map>)The date/time of the last observation of a threat intel indicator.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ThreatIntelIndicatorSource— (Array<map>)The source of the threat intel.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ThreatIntelIndicatorSourceUrl— (Array<map>)The URL for more details from the source of the threat intel.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceType— (Array<map>)Specifies the type of the resource for which details are provided.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceId— (Array<map>)The canonical identifier for the given resource type.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourcePartition— (Array<map>)The canonical AWS partition name to which the region is assigned.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceRegion— (Array<map>)The canonical AWS external region name where this resource is located.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceTags— (Array<map>)A list of AWS tags associated with a resource at the time the finding was processed.
Key— (String)The key of the map filter.
Value— (String)The value for the key in the map filter.
Comparison— (String)Represents the condition to be applied to a key value when querying for findings with a map filter.
Possible values include:"CONTAINS"
ResourceAwsEc2InstanceType— (Array<map>)The instance type of the instance.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceImageId— (Array<map>)The Amazon Machine Image (AMI) ID of the instance.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceIpV4Addresses— (Array<map>)The IPv4 addresses associated with the instance.
Cidr— (String)Finding's CIDR value.
ResourceAwsEc2InstanceIpV6Addresses— (Array<map>)The IPv6 addresses associated with the instance.
Cidr— (String)Finding's CIDR value.
ResourceAwsEc2InstanceKeyName— (Array<map>)The key name associated with the instance.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceIamInstanceProfileArn— (Array<map>)The IAM profile ARN of the instance.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceVpcId— (Array<map>)The identifier of the VPC in which the instance was launched.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceSubnetId— (Array<map>)The identifier of the subnet in which the instance was launched.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceLaunchedAt— (Array<map>)The date/time the instance was launched.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ResourceAwsS3BucketOwnerId— (Array<map>)The canonical user ID of the owner of the S3 bucket.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsS3BucketOwnerName— (Array<map>)The display name of the owner of the S3 bucket.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsIamAccessKeyUserName— (Array<map>)The user associated with the IAM access key related to a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsIamAccessKeyStatus— (Array<map>)The status of the IAM access key related to a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsIamAccessKeyCreatedAt— (Array<map>)The creation date/time of the IAM access key related to a finding.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ResourceContainerName— (Array<map>)The name of the container related to a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceContainerImageId— (Array<map>)The identifier of the image related to a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceContainerImageName— (Array<map>)The name of the image related to a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceContainerLaunchedAt— (Array<map>)The date/time that the container was started.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ResourceDetailsOther— (Array<map>)The details of a resource that does not have a specific sub-field for the resource type defined.
Key— (String)The key of the map filter.
Value— (String)The value for the key in the map filter.
Comparison— (String)Represents the condition to be applied to a key value when querying for findings with a map filter.
Possible values include:"CONTAINS"
ComplianceStatus— (Array<map>)Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard (for example, AWS CIS Foundations). Contains compliance-related finding details.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
VerificationState— (Array<map>)Indicates the veracity of a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
WorkflowState— (Array<map>)The workflow state of a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
RecordState— (Array<map>)The updated record state for the finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
RelatedFindingsProductArn— (Array<map>)The ARN of the solution that generated a related finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
RelatedFindingsId— (Array<map>)The solution-generated identifier for a related finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NoteText— (Array<map>)The text of a note.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NoteUpdatedAt— (Array<map>)The timestamp of when the note was updated.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
NoteUpdatedBy— (Array<map>)The principal that created a note.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
Keyword— (Array<map>)A keyword for a finding.
Value— (String)A value for the keyword.
Note— (map)The updated note for the finding.
Text— required — (String)The updated note text.
UpdatedBy— required — (String)The principal that updated the note.
RecordState— (String)The updated record state for the finding.
Possible values include:"ACTIVE""ARCHIVED"
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs.
-
(AWS.Response)
—
Returns:
updateInsight(params = {}, callback) ⇒ AWS.Request
Updates the AWS Security Hub insight specified by the insight ARN.
Service Reference:
Examples:
Calling the updateInsight operation
var params = {
InsightArn: 'STRING_VALUE', /* required */
Filters: {
AwsAccountId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
CompanyName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ComplianceStatus: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
Confidence: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
CreatedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
Criticality: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
Description: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
FirstObservedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
GeneratorId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
Id: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
Keyword: [
{
Value: 'STRING_VALUE'
},
/* more items */
],
LastObservedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
MalwareName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
MalwarePath: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
MalwareState: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
MalwareType: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
NetworkDestinationDomain: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
NetworkDestinationIpV4: [
{
Cidr: 'STRING_VALUE'
},
/* more items */
],
NetworkDestinationIpV6: [
{
Cidr: 'STRING_VALUE'
},
/* more items */
],
NetworkDestinationPort: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
NetworkDirection: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
NetworkProtocol: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
NetworkSourceDomain: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
NetworkSourceIpV4: [
{
Cidr: 'STRING_VALUE'
},
/* more items */
],
NetworkSourceIpV6: [
{
Cidr: 'STRING_VALUE'
},
/* more items */
],
NetworkSourceMac: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
NetworkSourcePort: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
NoteText: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
NoteUpdatedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
NoteUpdatedBy: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ProcessLaunchedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
ProcessName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ProcessParentPid: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
ProcessPath: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ProcessPid: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
ProcessTerminatedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
ProductArn: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ProductFields: [
{
Comparison: CONTAINS,
Key: 'STRING_VALUE',
Value: 'STRING_VALUE'
},
/* more items */
],
ProductName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
RecommendationText: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
RecordState: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
RelatedFindingsId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
RelatedFindingsProductArn: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceIamInstanceProfileArn: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceImageId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceIpV4Addresses: [
{
Cidr: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceIpV6Addresses: [
{
Cidr: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceKeyName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceLaunchedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceSubnetId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceType: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsEc2InstanceVpcId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsIamAccessKeyCreatedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsIamAccessKeyStatus: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsIamAccessKeyUserName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsS3BucketOwnerId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceAwsS3BucketOwnerName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceContainerImageId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceContainerImageName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceContainerLaunchedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
ResourceContainerName: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceDetailsOther: [
{
Comparison: CONTAINS,
Key: 'STRING_VALUE',
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceId: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourcePartition: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceRegion: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceTags: [
{
Comparison: CONTAINS,
Key: 'STRING_VALUE',
Value: 'STRING_VALUE'
},
/* more items */
],
ResourceType: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
SeverityLabel: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
SeverityNormalized: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
SeverityProduct: [
{
Eq: 'NUMBER_VALUE',
Gte: 'NUMBER_VALUE',
Lte: 'NUMBER_VALUE'
},
/* more items */
],
SourceUrl: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ThreatIntelIndicatorCategory: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ThreatIntelIndicatorLastObservedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
ThreatIntelIndicatorSource: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ThreatIntelIndicatorSourceUrl: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ThreatIntelIndicatorType: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
ThreatIntelIndicatorValue: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
Title: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
Type: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
UpdatedAt: [
{
DateRange: {
Unit: DAYS,
Value: 'NUMBER_VALUE'
},
End: 'STRING_VALUE',
Start: 'STRING_VALUE'
},
/* more items */
],
UserDefinedFields: [
{
Comparison: CONTAINS,
Key: 'STRING_VALUE',
Value: 'STRING_VALUE'
},
/* more items */
],
VerificationState: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
],
WorkflowState: [
{
Comparison: EQUALS | CONTAINS | PREFIX,
Value: 'STRING_VALUE'
},
/* more items */
]
},
GroupByAttribute: 'STRING_VALUE',
Name: 'STRING_VALUE'
};
securityhub.updateInsight(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});Parameters:
-
params
(Object)
(defaults to: {})
—
InsightArn— (String)The ARN of the insight that you want to update.
Name— (String)The updated name for the insight.
Filters— (map)The updated filters that define this insight.
ProductArn— (Array<map>)The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) once this provider's product (solution that generates findings) is registered with Security Hub.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
AwsAccountId— (Array<map>)The AWS account ID in which a finding is generated.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
Id— (Array<map>)The security findings provider-specific identifier for a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
GeneratorId— (Array<map>)This is the identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security findings provider's solutions, this generator can be called a rule, a check, a detector, a plug-in, etc.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
Type— (Array<map>)A finding type in the format of 'namespace/category/classifier' that classifies a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
FirstObservedAt— (Array<map>)An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings provider.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
LastObservedAt— (Array<map>)An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings provider.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
CreatedAt— (Array<map>)An ISO8601-formatted timestamp that indicates when the potential security issue captured by a finding was created by the security findings provider.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
UpdatedAt— (Array<map>)An ISO8601-formatted timestamp that indicates when the finding record was last updated by the security findings provider.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
SeverityProduct— (Array<map>)The native severity as defined by the security findings provider's solution that generated the finding.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
SeverityNormalized— (Array<map>)The normalized severity of a finding.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
SeverityLabel— (Array<map>)The label of a finding's severity.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
Confidence— (Array<map>)A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale. 0 equates zero percent confidence and 100 equates to 100 percent confidence.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
Criticality— (Array<map>)The level of importance assigned to the resources associated with the finding. A score of 0 means the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
Title— (Array<map>)A finding's title.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
Description— (Array<map>)A finding's description.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
RecommendationText— (Array<map>)The recommendation of what to do about the issue described in a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
SourceUrl— (Array<map>)A URL that links to a page about the current finding in the security findings provider's solution.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ProductFields— (Array<map>)A data type where security findings providers can include additional solution-specific details that are not part of the defined AwsSecurityFinding format.
Key— (String)The key of the map filter.
Value— (String)The value for the key in the map filter.
Comparison— (String)Represents the condition to be applied to a key value when querying for findings with a map filter.
Possible values include:"CONTAINS"
ProductName— (Array<map>)The name of the solution (product) that generates findings.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
CompanyName— (Array<map>)The name of the findings provider (company) that owns the solution (product) that generates findings.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
UserDefinedFields— (Array<map>)A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
Key— (String)The key of the map filter.
Value— (String)The value for the key in the map filter.
Comparison— (String)Represents the condition to be applied to a key value when querying for findings with a map filter.
Possible values include:"CONTAINS"
MalwareName— (Array<map>)The name of the malware that was observed.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
MalwareType— (Array<map>)The type of the malware that was observed.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
MalwarePath— (Array<map>)The filesystem path of the malware that was observed.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
MalwareState— (Array<map>)The state of the malware that was observed.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NetworkDirection— (Array<map>)Indicates the direction of network traffic associated with a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NetworkProtocol— (Array<map>)The protocol of network-related information about a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NetworkSourceIpV4— (Array<map>)The source IPv4 address of network-related information about a finding.
Cidr— (String)Finding's CIDR value.
NetworkSourceIpV6— (Array<map>)The source IPv6 address of network-related information about a finding.
Cidr— (String)Finding's CIDR value.
NetworkSourcePort— (Array<map>)The source port of network-related information about a finding.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
NetworkSourceDomain— (Array<map>)The source domain of network-related information about a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NetworkSourceMac— (Array<map>)The source media access control (MAC) address of network-related information about a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NetworkDestinationIpV4— (Array<map>)The destination IPv4 address of network-related information about a finding.
Cidr— (String)Finding's CIDR value.
NetworkDestinationIpV6— (Array<map>)The destination IPv6 address of network-related information about a finding.
Cidr— (String)Finding's CIDR value.
NetworkDestinationPort— (Array<map>)The destination port of network-related information about a finding.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
NetworkDestinationDomain— (Array<map>)The destination domain of network-related information about a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ProcessName— (Array<map>)The name of the process.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ProcessPath— (Array<map>)The path to the process executable.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ProcessPid— (Array<map>)The process ID.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
ProcessParentPid— (Array<map>)The parent process ID.
Gte— (Float)Represents the "greater than equal" condition to be applied to a single field when querying for findings.
Lte— (Float)Represents the "less than equal" condition to be applied to a single field when querying for findings.
Eq— (Float)Represents the "equal to" condition to be applied to a single field when querying for findings.
ProcessLaunchedAt— (Array<map>)The date/time that the process was launched.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ProcessTerminatedAt— (Array<map>)The date/time that the process was terminated.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ThreatIntelIndicatorType— (Array<map>)The type of a threat intel indicator.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ThreatIntelIndicatorValue— (Array<map>)The value of a threat intel indicator.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ThreatIntelIndicatorCategory— (Array<map>)The category of a threat intel indicator.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ThreatIntelIndicatorLastObservedAt— (Array<map>)The date/time of the last observation of a threat intel indicator.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ThreatIntelIndicatorSource— (Array<map>)The source of the threat intel.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ThreatIntelIndicatorSourceUrl— (Array<map>)The URL for more details from the source of the threat intel.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceType— (Array<map>)Specifies the type of the resource for which details are provided.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceId— (Array<map>)The canonical identifier for the given resource type.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourcePartition— (Array<map>)The canonical AWS partition name to which the region is assigned.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceRegion— (Array<map>)The canonical AWS external region name where this resource is located.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceTags— (Array<map>)A list of AWS tags associated with a resource at the time the finding was processed.
Key— (String)The key of the map filter.
Value— (String)The value for the key in the map filter.
Comparison— (String)Represents the condition to be applied to a key value when querying for findings with a map filter.
Possible values include:"CONTAINS"
ResourceAwsEc2InstanceType— (Array<map>)The instance type of the instance.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceImageId— (Array<map>)The Amazon Machine Image (AMI) ID of the instance.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceIpV4Addresses— (Array<map>)The IPv4 addresses associated with the instance.
Cidr— (String)Finding's CIDR value.
ResourceAwsEc2InstanceIpV6Addresses— (Array<map>)The IPv6 addresses associated with the instance.
Cidr— (String)Finding's CIDR value.
ResourceAwsEc2InstanceKeyName— (Array<map>)The key name associated with the instance.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceIamInstanceProfileArn— (Array<map>)The IAM profile ARN of the instance.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceVpcId— (Array<map>)The identifier of the VPC in which the instance was launched.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceSubnetId— (Array<map>)The identifier of the subnet in which the instance was launched.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsEc2InstanceLaunchedAt— (Array<map>)The date/time the instance was launched.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ResourceAwsS3BucketOwnerId— (Array<map>)The canonical user ID of the owner of the S3 bucket.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsS3BucketOwnerName— (Array<map>)The display name of the owner of the S3 bucket.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsIamAccessKeyUserName— (Array<map>)The user associated with the IAM access key related to a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsIamAccessKeyStatus— (Array<map>)The status of the IAM access key related to a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceAwsIamAccessKeyCreatedAt— (Array<map>)The creation date/time of the IAM access key related to a finding.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ResourceContainerName— (Array<map>)The name of the container related to a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceContainerImageId— (Array<map>)The identifier of the image related to a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceContainerImageName— (Array<map>)The name of the image related to a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
ResourceContainerLaunchedAt— (Array<map>)The date/time that the container was started.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
ResourceDetailsOther— (Array<map>)The details of a resource that does not have a specific sub-field for the resource type defined.
Key— (String)The key of the map filter.
Value— (String)The value for the key in the map filter.
Comparison— (String)Represents the condition to be applied to a key value when querying for findings with a map filter.
Possible values include:"CONTAINS"
ComplianceStatus— (Array<map>)Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard (for example, AWS CIS Foundations). Contains compliance-related finding details.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
VerificationState— (Array<map>)Indicates the veracity of a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
WorkflowState— (Array<map>)The workflow state of a finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
RecordState— (Array<map>)The updated record state for the finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
RelatedFindingsProductArn— (Array<map>)The ARN of the solution that generated a related finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
RelatedFindingsId— (Array<map>)The solution-generated identifier for a related finding.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NoteText— (Array<map>)The text of a note.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
NoteUpdatedAt— (Array<map>)The timestamp of when the note was updated.
Start— (String)A start date for the date filter.
End— (String)An end date for the date filter.
DateRange— (map)A date range for the date filter.
Value— (Integer)A date range value for the date filter.
Unit— (String)A date range unit for the date filter.
Possible values include:"DAYS"
NoteUpdatedBy— (Array<map>)The principal that created a note.
Value— (String)The string filter value.
Comparison— (String)Represents the condition to be applied to a string value when querying for findings.
Possible values include:"EQUALS""CONTAINS""PREFIX"
Keyword— (Array<map>)A keyword for a finding.
Value— (String)A value for the keyword.
GroupByAttribute— (String)The updated GroupBy attribute that defines this insight.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
nullif the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
nullif a request error occurs.
-
(AWS.Response)
—
Returns: