Package-level declarations

Security Hub provides you with a comprehensive view of your security state in Amazon Web Services and helps you assess your Amazon Web Services environment against security industry standards and best practices.

Accepts the invitation to be a member account and be monitored by the Security Hub administrator account that the invitation was sent from.

This method is deprecated. Instead, use AcceptAdministratorInvitation.

Deletes one or more automation rules.

Disables the standards specified by the provided StandardsSubscriptionArns.

Enables the standards specified by the provided StandardsArn. To obtain the ARN for a standard, use the DescribeStandards operation.

Retrieves a list of details for automation rules based on rule Amazon Resource Names (ARNs).

Returns associations between an Security Hub configuration and a batch of target accounts, organizational units, or the root. Only the Security Hub delegated administrator can invoke this operation from the home Region. A configuration can refer to a configuration policy or to a self-managed configuration.

Provides details about a batch of security controls for the current Amazon Web Services account and Amazon Web Services Region.

For a batch of security controls and standards, identifies whether each control is currently enabled or disabled in a standard.

Imports security findings generated by a finding provider into Security Hub. This action is requested by the finding provider to import its findings into Security Hub.

Updates one or more automation rules based on rule Amazon Resource Names (ARNs) and input parameters.

Used by Security Hub customers to update information about their investigation into a finding. Requested by administrator accounts or member accounts. Administrator accounts can update findings for their account and their member accounts. Member accounts can update findings for their account.

For a batch of security controls and standards, this operation updates the enablement status of a control in a standard.

Creates a custom action target in Security Hub.

Creates an automation rule based on input parameters.

Creates a configuration policy with the defined configuration. Only the Security Hub delegated administrator can invoke this operation from the home Region.

Used to enable finding aggregation. Must be called from the aggregation Region.

Creates a custom insight in Security Hub. An insight is a consolidation of findings that relate to a security issue that requires attention or remediation.

Creates a member association in Security Hub between the specified accounts and the account used to make the request, which is the administrator account. If you are integrated with Organizations, then the administrator account is designated by the organization management account.

Declines invitations to become a member account.

Deletes a custom action target from Security Hub.

Deletes a configuration policy. Only the Security Hub delegated administrator can invoke this operation from the home Region. For the deletion to succeed, you must first disassociate a configuration policy from target accounts, organizational units, or the root by invoking the StartConfigurationPolicyDisassociation operation.

Deletes a finding aggregator. When you delete the finding aggregator, you stop finding aggregation.

Deletes the insight specified by the InsightArn.

Deletes invitations received by the Amazon Web Services account to become a member account.

Deletes the specified member accounts from Security Hub.

Returns a list of the custom action targets in Security Hub in your account.

Returns details about the Hub resource in your account, including the HubArn and the time when you enabled Security Hub.

Returns information about the way your organization is configured in Security Hub. Only the Security Hub administrator account can invoke this operation.

Returns information about product integrations in Security Hub.

Returns a list of the available standards in Security Hub.

Returns a list of security standards controls.

Disables the integration of the specified product with Security Hub. After the integration is disabled, findings from that product are no longer sent to Security Hub.

Disables a Security Hub administrator account. Can only be called by the organization management account.

Disables Security Hub in your account only in the current Amazon Web Services Region. To disable Security Hub in all Regions, you must submit one request per Region where you have enabled Security Hub.

Disassociates the current Security Hub member account from the associated administrator account.

This method is deprecated. Instead, use DisassociateFromAdministratorAccount.

Disassociates the specified member accounts from the associated administrator account.

Enables the integration of a partner product with Security Hub. Integrated products send findings to Security Hub.

Designates the Security Hub administrator account for an organization. Can only be called by the organization management account.

Enables Security Hub for your account in the current Region or the Region you specify in the request.

Provides the details for the Security Hub administrator account for the current member account.

Provides information about a configuration policy. Only the Security Hub delegated administrator can invoke this operation from the home Region.

Returns the association between a configuration and a target account, organizational unit, or the root. The configuration can be a configuration policy or self-managed behavior. Only the Security Hub delegated administrator can invoke this operation from the home Region.

Returns a list of the standards that are currently enabled.

Returns the current finding aggregation configuration.

Returns history for a Security Hub finding in the last 90 days. The history includes changes made to any fields in the Amazon Web Services Security Finding Format (ASFF).

Returns a list of findings that match the specified criteria.

Lists the results of the Security Hub insight specified by the insight ARN.

Lists and describes insights for the specified insight ARNs.

Returns the count of all Security Hub membership invitations that were sent to the current member account, not including the currently accepted invitation.

This method is deprecated. Instead, use GetAdministratorAccount.

Returns the details for the Security Hub member accounts for the specified account IDs.

Retrieves the definition of a security control. The definition includes the control title, description, Region availability, parameter definitions, and other details.

Invites other Amazon Web Services accounts to become member accounts for the Security Hub administrator account that the invitation is sent from.

A list of automation rules and their metadata for the calling account.

Lists the configuration policies that the Security Hub delegated administrator has created for your organization. Only the delegated administrator can invoke this operation from the home Region.

Provides information about the associations for your configuration policies and self-managed behavior. Only the Security Hub delegated administrator can invoke this operation from the home Region.

Lists all findings-generating solutions (products) that you are subscribed to receive findings from in Security Hub.

If finding aggregation is enabled, then ListFindingAggregators returns the ARN of the finding aggregator. You can run this operation from any Region.

Lists all Security Hub membership invitations that were sent to the current Amazon Web Services account.

Lists details about all member accounts for the current Security Hub administrator account.

Lists the Security Hub administrator accounts. Can only be called by the organization management account.

Lists all of the security controls that apply to a specified standard.

Specifies whether a control is currently enabled or disabled in each enabled standard in the calling account.

Returns a list of tags associated with a resource.

Associates a target account, organizational unit, or the root with a specified configuration. The target can be associated with a configuration policy or self-managed behavior. Only the Security Hub delegated administrator can invoke this operation from the home Region.

Disassociates a target account, organizational unit, or the root from a specified configuration. When you disassociate a configuration from its target, the target inherits the configuration of the closest parent. If there’s no configuration to inherit, the target retains its settings but becomes a self-managed account. A target can be disassociated from a configuration policy or self-managed behavior. Only the Security Hub delegated administrator can invoke this operation from the home Region.

Adds one or more tags to a resource.

Removes one or more tags from a resource.

Updates the name and description of a custom action target in Security Hub.

Updates a configuration policy. Only the Security Hub delegated administrator can invoke this operation from the home Region.

Updates the finding aggregation configuration. Used to update the Region linking mode and the list of included or excluded Regions. You cannot use UpdateFindingAggregator to change the aggregation Region.

UpdateFindings is deprecated. Instead of UpdateFindings, use BatchUpdateFindings.

Updates the Security Hub insight identified by the specified insight ARN.

Updates the configuration of your organization in Security Hub. Only the Security Hub administrator account can invoke this operation.

Updates the properties of a security control.

Updates configuration options for Security Hub.

Used to control whether an individual security standard control is enabled or disabled.

Create a copy of the client with one or more configuration values overridden. This method allows the caller to perform scoped config overrides for one or more client operations.