Package-level declarations

Security Hub provides you with a comprehensive view of your security state in Amazon Web Services and helps you assess your Amazon Web Services environment against security industry standards and best practices.

We recommend using Organizations instead of Security Hub invitations to manage your member accounts. For information, see Managing Security Hub administrator and member accounts with Organizations in the Security Hub User Guide.

This method is deprecated. Instead, use AcceptAdministratorInvitation.

Deletes one or more automation rules.

Disables the standards specified by the provided StandardsSubscriptionArns.

Enables the standards specified by the provided StandardsArn. To obtain the ARN for a standard, use the DescribeStandards operation.

Retrieves a list of details for automation rules based on rule Amazon Resource Names (ARNs).

Returns associations between an Security Hub configuration and a batch of target accounts, organizational units, or the root. Only the Security Hub delegated administrator can invoke this operation from the home Region. A configuration can refer to a configuration policy or to a self-managed configuration.

Provides details about a batch of security controls for the current Amazon Web Services account and Amazon Web Services Region.

For a batch of security controls and standards, identifies whether each control is currently enabled or disabled in a standard.

Imports security findings generated by a finding provider into Security Hub. This action is requested by the finding provider to import its findings into Security Hub.

Updates one or more automation rules based on rule Amazon Resource Names (ARNs) and input parameters.

Used by Security Hub customers to update information about their investigation into one or more findings. Requested by administrator accounts or member accounts. Administrator accounts can update findings for their account and their member accounts. A member account can update findings only for their own account. Administrator and member accounts can use this operation to update the following fields and objects for one or more findings:

Used by customers to update information about their investigation into a finding. Requested by delegated administrator accounts or member accounts. Delegated administrator accounts can update findings for their account and their member accounts. Member accounts can update findings for their account. BatchUpdateFindings and BatchUpdateFindingV2 both use securityhub:BatchUpdateFindings in the Action element of an IAM policy statement. You must have permission to perform the securityhub:BatchUpdateFindings action. Updates from BatchUpdateFindingsV2 don't affect the value of finding_info.modified_time, finding_info.modified_time_dt, time, time_dt for a finding. This API is in private preview and subject to change.

For a batch of security controls and standards, this operation updates the enablement status of a control in a standard.

Grants permission to complete the authorization based on input parameters. This API is in preview release and subject to change.

Creates a custom action target in Security Hub.

Enables aggregation across Amazon Web Services Regions. This API is in private preview and subject to change.

Creates an automation rule based on input parameters.

Creates a V2 automation rule. This API is in private preview and subject to change.

Creates a configuration policy with the defined configuration. Only the Security Hub delegated administrator can invoke this operation from the home Region.

Grants permission to create a connectorV2 based on input parameters. This API is in preview release and subject to change.

The aggregation Region is now called the home Region.

Creates a custom insight in Security Hub. An insight is a consolidation of findings that relate to a security issue that requires attention or remediation.

Creates a member association in Security Hub between the specified accounts and the account used to make the request, which is the administrator account. If you are integrated with Organizations, then the administrator account is designated by the organization management account.

Grants permission to create a ticket in the chosen ITSM based on finding information for the provided finding metadata UID. This API is in preview release and subject to change.

We recommend using Organizations instead of Security Hub invitations to manage your member accounts. For information, see Managing Security Hub administrator and member accounts with Organizations in the Security Hub User Guide.

Deletes a custom action target from Security Hub.

Deletes the Aggregator V2. This API is in private preview and subject to change.

Deletes a V2 automation rule. This API is in private preview and subject to change.

Deletes a configuration policy. Only the Security Hub delegated administrator can invoke this operation from the home Region. For the deletion to succeed, you must first disassociate a configuration policy from target accounts, organizational units, or the root by invoking the StartConfigurationPolicyDisassociation operation.

Grants permission to delete a connectorV2. This API is in preview release and subject to change.

The aggregation Region is now called the home Region.

Deletes the insight specified by the InsightArn.

We recommend using Organizations instead of Security Hub invitations to manage your member accounts. For information, see Managing Security Hub administrator and member accounts with Organizations in the Security Hub User Guide.

Deletes the specified member accounts from Security Hub.

Returns a list of the custom action targets in Security Hub in your account.

Returns details about the Hub resource in your account, including the HubArn and the time when you enabled Security Hub.

Returns information about the way your organization is configured in Security Hub. Only the Security Hub administrator account can invoke this operation.

Returns information about product integrations in Security Hub.

Gets information about the product integration. This API is in private preview and subject to change.

Returns details about the service resource in your account. This API is in private preview and subject to change.

Returns a list of the available standards in Security Hub.

Returns a list of security standards controls.

Disables the integration of the specified product with Security Hub. After the integration is disabled, findings from that product are no longer sent to Security Hub.

Disables a Security Hub administrator account. Can only be called by the organization management account.

Disables Security Hub in your account only in the current Amazon Web Services Region. To disable Security Hub in all Regions, you must submit one request per Region where you have enabled Security Hub.

Disable the service for the current Amazon Web Services Region or specified Amazon Web Services Region. This API is in private preview and subject to change.

Disassociates the current Security Hub member account from the associated administrator account.

This method is deprecated. Instead, use DisassociateFromAdministratorAccount.

Disassociates the specified member accounts from the associated administrator account.

Enables the integration of a partner product with Security Hub. Integrated products send findings to Security Hub.

Designates the Security Hub administrator account for an organization. Can only be called by the organization management account.

Enables Security Hub for your account in the current Region or the Region you specify in the request.

Enables the service in account for the current Amazon Web Services Region or specified Amazon Web Services Region. This API is in private preview and subject to change.

Provides the details for the Security Hub administrator account for the current member account.

Returns the configuration of the specified Aggregator V2. This API is in private preview and subject to change.

Returns an automation rule for the V2 service. This API is in private preview and subject to change.

Provides information about a configuration policy. Only the Security Hub delegated administrator can invoke this operation from the home Region.

Returns the association between a configuration and a target account, organizational unit, or the root. The configuration can be a configuration policy or self-managed behavior. Only the Security Hub delegated administrator can invoke this operation from the home Region.

Grants permission to retrieve details for a connectorV2 based on connector id. This API is in preview release and subject to change.

Returns a list of the standards that are currently enabled.

The aggregation Region is now called the home Region.

Returns the history of a Security Hub finding for the past 90 days. The history includes changes made to any fields in the Amazon Web Services Security Finding Format (ASFF) except top-level timestamp fields, such as the CreatedAt and UpdatedAt fields.

Returns a list of findings that match the specified criteria.

Returns aggregated statistical data about findings. GetFindingStatisticsV2 use securityhub:GetAdhocInsightResults in the Action element of an IAM policy statement. You must have permission to perform the s action. This API is in private preview and subject to change.

Return a list of findings that match the specified criteria. GetFindings and GetFindingsV2 both use securityhub:GetFindings in the Action element of an IAM policy statement. You must have permission to perform the securityhub:GetFindings action. This API is in private preview and subject to change.

Lists the results of the Security Hub insight specified by the insight ARN.

Lists and describes insights for the specified insight ARNs.

We recommend using Organizations instead of Security Hub invitations to manage your member accounts. For information, see Managing Security Hub administrator and member accounts with Organizations in the Security Hub User Guide.

This method is deprecated. Instead, use GetAdministratorAccount.

Returns the details for the Security Hub member accounts for the specified account IDs.

Retrieves statistical information about Amazon Web Services resources and their associated security findings. This API is in private preview and subject to change.

Returns a list of resources. This API is in private preview and subject to change.

Retrieves the definition of a security control. The definition includes the control title, description, Region availability, parameter definitions, and other details.

We recommend using Organizations instead of Security Hub invitations to manage your member accounts. For information, see Managing Security Hub administrator and member accounts with Organizations in the Security Hub User Guide.

Retrieves a list of V2 aggregators. This API is in private preview and subject to change.

A list of automation rules and their metadata for the calling account.

Returns a list of automation rules and metadata for the calling account. This API is in private preview and subject to change.

Lists the configuration policies that the Security Hub delegated administrator has created for your organization. Only the delegated administrator can invoke this operation from the home Region.

Provides information about the associations for your configuration policies and self-managed behavior. Only the Security Hub delegated administrator can invoke this operation from the home Region.

Grants permission to retrieve a list of connectorsV2 and their metadata for the calling account. This API is in preview release and subject to change.

Lists all findings-generating solutions (products) that you are subscribed to receive findings from in Security Hub.

If cross-Region aggregation is enabled, then ListFindingAggregators returns the Amazon Resource Name (ARN) of the finding aggregator. You can run this operation from any Amazon Web Services Region.

We recommend using Organizations instead of Security Hub invitations to manage your member accounts. For information, see Managing Security Hub administrator and member accounts with Organizations in the Security Hub User Guide.

Lists details about all member accounts for the current Security Hub administrator account.

Lists the Security Hub administrator accounts. Can only be called by the organization management account.

Lists all of the security controls that apply to a specified standard.

Specifies whether a control is currently enabled or disabled in each enabled standard in the calling account.

Returns a list of tags associated with a resource.

Associates a target account, organizational unit, or the root with a specified configuration. The target can be associated with a configuration policy or self-managed behavior. Only the Security Hub delegated administrator can invoke this operation from the home Region.

Disassociates a target account, organizational unit, or the root from a specified configuration. When you disassociate a configuration from its target, the target inherits the configuration of the closest parent. If there’s no configuration to inherit, the target retains its settings but becomes a self-managed account. A target can be disassociated from a configuration policy or self-managed behavior. Only the Security Hub delegated administrator can invoke this operation from the home Region.

Adds one or more tags to a resource.

Removes one or more tags from a resource.

Updates the name and description of a custom action target in Security Hub.

Udpates the configuration for the Aggregator V2. This API is in private preview and subject to change.

Updates a V2 automation rule. This API is in private preview and subject to change.

Updates a configuration policy. Only the Security Hub delegated administrator can invoke this operation from the home Region.

Grants permission to update a connectorV2 based on its id and input parameters. This API is in preview release and subject to change.

The aggregation Region is now called the home Region.

UpdateFindings is a deprecated operation. Instead of UpdateFindings, use the BatchUpdateFindings operation.

Updates the Security Hub insight identified by the specified insight ARN.

Updates the configuration of your organization in Security Hub. Only the Security Hub administrator account can invoke this operation.

Updates the properties of a security control.

Updates configuration options for Security Hub.

Used to control whether an individual security standard control is enabled or disabled.

Create a copy of the client with one or more configuration values overridden. This method allows the caller to perform scoped config overrides for one or more client operations.