* Note: Do not directly implement this interface, new methods are added to it regularly. Extend from * {@link com.amazonaws.services.securityhub.AbstractAWSSecurityHub} instead. *
**
* Security Hub provides you with a comprehensive view of the security state of your Amazon Web Services environment and * resources. It also provides you with the readiness status of your environment based on controls from supported * security standards. Security Hub collects security data from Amazon Web Services accounts, services, and integrated * third-party products and helps you analyze security trends in your environment to identify the highest priority * security issues. For more information about Security Hub, see the Security HubUser Guide. *
** When you use operations in the Security Hub API, the requests are executed only in the Amazon Web Services Region * that is currently active or in the specific Amazon Web Services Region that you specify in your request. Any * configuration or settings change that results from the operation is applied only to that Region. To make the same * change in other Regions, run the same command for each Region in which you want to apply the change. *
*
* For example, if your Region is set to us-west-2, when you use CreateMembers to add a member
* account to Security Hub, the association of the member account with the administrator account is created only in the
* us-west-2 Region. Security Hub must be enabled for the member account in the same Region that the
* invitation was sent from.
*
* The following throttling limits apply to using Security Hub API operations. *
*
* BatchEnableStandards - RateLimit of 1 request per second. BurstLimit of 1
* request per second.
*
* GetFindings - RateLimit of 3 requests per second. BurstLimit of 6 requests per
* second.
*
* BatchImportFindings - RateLimit of 10 requests per second. BurstLimit of 30
* requests per second.
*
* BatchUpdateFindings - RateLimit of 10 requests per second. BurstLimit of 30
* requests per second.
*
* UpdateStandardsControl - RateLimit of 1 request per second. BurstLimit of 5
* requests per second.
*
* All other operations - RateLimit of 10 requests per second. BurstLimit of 30 requests per
* second.
*
* Accepts the invitation to be a member account and be monitored by the Security Hub administrator account that the * invitation was sent from. *
** This operation is only used by member accounts that are not added through Organizations. *
** When the member account accepts the invitation, permission is granted to the administrator account to view * findings generated in the member account. *
* * @param acceptAdministratorInvitationRequest * @return Result of the AcceptAdministratorInvitation operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @sample AWSSecurityHub.AcceptAdministratorInvitation * @see AWS API Documentation */ AcceptAdministratorInvitationResult acceptAdministratorInvitation(AcceptAdministratorInvitationRequest acceptAdministratorInvitationRequest); /** *
* This method is deprecated. Instead, use AcceptAdministratorInvitation.
*
* The Security Hub console continues to use AcceptInvitation. It will eventually change to use
* AcceptAdministratorInvitation. Any IAM policies that specifically control access to this function
* must continue to use AcceptInvitation. You should also add
* AcceptAdministratorInvitation to your policies to ensure that the correct permissions are in place
* after the console begins to use AcceptAdministratorInvitation.
*
* Accepts the invitation to be a member account and be monitored by the Security Hub administrator account that the * invitation was sent from. *
** This operation is only used by member accounts that are not added through Organizations. *
** When the member account accepts the invitation, permission is granted to the administrator account to view * findings generated in the member account. *
* * @param acceptInvitationRequest * @return Result of the AcceptInvitation operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @sample AWSSecurityHub.AcceptInvitation * @see AWS * API Documentation */ @Deprecated AcceptInvitationResult acceptInvitation(AcceptInvitationRequest acceptInvitationRequest); /** ** Deletes one or more automation rules. *
* * @param batchDeleteAutomationRulesRequest * @return Result of the BatchDeleteAutomationRules operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @sample AWSSecurityHub.BatchDeleteAutomationRules * @see AWS API Documentation */ BatchDeleteAutomationRulesResult batchDeleteAutomationRules(BatchDeleteAutomationRulesRequest batchDeleteAutomationRulesRequest); /** *
* Disables the standards specified by the provided StandardsSubscriptionArns.
*
* For more information, see Security Standards * section of the Security Hub User Guide. *
* * @param batchDisableStandardsRequest * @return Result of the BatchDisableStandards operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @sample AWSSecurityHub.BatchDisableStandards * @see AWS API Documentation */ BatchDisableStandardsResult batchDisableStandards(BatchDisableStandardsRequest batchDisableStandardsRequest); /** *
* Enables the standards specified by the provided StandardsArn. To obtain the ARN for a standard, use
* the DescribeStandards operation.
*
* For more information, see the Security Standards * section of the Security Hub User Guide. *
* * @param batchEnableStandardsRequest * @return Result of the BatchEnableStandards operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @sample AWSSecurityHub.BatchEnableStandards * @see AWS API Documentation */ BatchEnableStandardsResult batchEnableStandards(BatchEnableStandardsRequest batchEnableStandardsRequest); /** ** Retrieves a list of details for automation rules based on rule Amazon Resource Names (ARNs). *
* * @param batchGetAutomationRulesRequest * @return Result of the BatchGetAutomationRules operation returned by the service. * @throws AccessDeniedException * You don't have permission to perform the action specified in the request. * @throws InternalException * Internal server error. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @sample AWSSecurityHub.BatchGetAutomationRules * @see AWS API Documentation */ BatchGetAutomationRulesResult batchGetAutomationRules(BatchGetAutomationRulesRequest batchGetAutomationRulesRequest); /** ** Provides details about a batch of security controls for the current Amazon Web Services account and Amazon Web * Services Region. *
* * @param batchGetSecurityControlsRequest * @return Result of the BatchGetSecurityControls operation returned by the service. * @throws InternalException * Internal server error. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @sample AWSSecurityHub.BatchGetSecurityControls * @see AWS API Documentation */ BatchGetSecurityControlsResult batchGetSecurityControls(BatchGetSecurityControlsRequest batchGetSecurityControlsRequest); /** ** For a batch of security controls and standards, identifies whether each control is currently enabled or disabled * in a standard. *
* * @param batchGetStandardsControlAssociationsRequest * @return Result of the BatchGetStandardsControlAssociations operation returned by the service. * @throws InternalException * Internal server error. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @sample AWSSecurityHub.BatchGetStandardsControlAssociations * @see AWS API Documentation */ BatchGetStandardsControlAssociationsResult batchGetStandardsControlAssociations( BatchGetStandardsControlAssociationsRequest batchGetStandardsControlAssociationsRequest); /** ** Imports security findings generated by a finding provider into Security Hub. This action is requested by the * finding provider to import its findings into Security Hub. *
*
* BatchImportFindings must be called by one of the following:
*
* The Amazon Web Services account that is associated with a finding if you are using the default product ARN or are a partner sending findings from within a customer's Amazon Web Services account.
* In these cases, the identifier of the account that you are calling BatchImportFindings from needs to
* be the same as the AwsAccountId attribute for the finding.
*
* An Amazon Web Services account that Security Hub has allow-listed for an official partner integration. In this
* case, you can call BatchImportFindings from the allow-listed account and send findings from
* different customer accounts in the same batch.
*
* The maximum allowed size for a finding is 240 Kb. An error is returned for any finding larger than 240 Kb. *
*
* After a finding is created, BatchImportFindings cannot be used to update the following finding
* fields and objects, which Security Hub customers use to manage their investigation workflow.
*
* Note
*
* UserDefinedFields
*
* VerificationState
*
* Workflow
*
* Finding providers also should not use BatchImportFindings to update the following attributes.
*
* Confidence
*
* Criticality
*
* RelatedFindings
*
* Severity
*
* Types
*
* Instead, finding providers use FindingProviderFields to provide values for these attributes.
*
* Updates one or more automation rules based on rule Amazon Resource Names (ARNs) and input parameters. *
* * @param batchUpdateAutomationRulesRequest * @return Result of the BatchUpdateAutomationRules operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @sample AWSSecurityHub.BatchUpdateAutomationRules * @see AWS API Documentation */ BatchUpdateAutomationRulesResult batchUpdateAutomationRules(BatchUpdateAutomationRulesRequest batchUpdateAutomationRulesRequest); /** ** Used by Security Hub customers to update information about their investigation into a finding. Requested by * administrator accounts or member accounts. Administrator accounts can update findings for their account and their * member accounts. Member accounts can update findings for their account. *
*
* Updates from BatchUpdateFindings do not affect the value of UpdatedAt for a finding.
*
* Administrator and member accounts can use BatchUpdateFindings to update the following finding fields
* and objects.
*
* Confidence
*
* Criticality
*
* Note
*
* RelatedFindings
*
* Severity
*
* Types
*
* UserDefinedFields
*
* VerificationState
*
* Workflow
*
* You can configure IAM policies to restrict access to fields and field values. For example, you might not want * member accounts to be able to suppress findings or change the finding severity. See Configuring access to BatchUpdateFindings in the Security Hub User Guide. *
* * @param batchUpdateFindingsRequest * @return Result of the BatchUpdateFindings operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @sample AWSSecurityHub.BatchUpdateFindings * @see AWS API Documentation */ BatchUpdateFindingsResult batchUpdateFindings(BatchUpdateFindingsRequest batchUpdateFindingsRequest); /** ** For a batch of security controls and standards, this operation updates the enablement status of a control in a * standard. *
* * @param batchUpdateStandardsControlAssociationsRequest * @return Result of the BatchUpdateStandardsControlAssociations operation returned by the service. * @throws InternalException * Internal server error. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @sample AWSSecurityHub.BatchUpdateStandardsControlAssociations * @see AWS API Documentation */ BatchUpdateStandardsControlAssociationsResult batchUpdateStandardsControlAssociations( BatchUpdateStandardsControlAssociationsRequest batchUpdateStandardsControlAssociationsRequest); /** ** Creates a custom action target in Security Hub. *
** You can use custom actions on findings and insights in Security Hub to trigger target actions in Amazon * CloudWatch Events. *
* * @param createActionTargetRequest * @return Result of the CreateActionTarget operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws ResourceConflictException * The resource specified in the request conflicts with an existing resource. * @sample AWSSecurityHub.CreateActionTarget * @see AWS * API Documentation */ CreateActionTargetResult createActionTarget(CreateActionTargetRequest createActionTargetRequest); /** ** Creates an automation rule based on input parameters. *
* * @param createAutomationRuleRequest * @return Result of the CreateAutomationRule operation returned by the service. * @throws AccessDeniedException * You don't have permission to perform the action specified in the request. * @throws InternalException * Internal server error. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @sample AWSSecurityHub.CreateAutomationRule * @see AWS API Documentation */ CreateAutomationRuleResult createAutomationRule(CreateAutomationRuleRequest createAutomationRuleRequest); /** ** Used to enable finding aggregation. Must be called from the aggregation Region. *
** For more details about cross-Region replication, see Configuring finding * aggregation in the Security Hub User Guide. *
* * @param createFindingAggregatorRequest * @return Result of the CreateFindingAggregator operation returned by the service. * @throws InternalException * Internal server error. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws AccessDeniedException * You don't have permission to perform the action specified in the request. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @sample AWSSecurityHub.CreateFindingAggregator * @see AWS API Documentation */ CreateFindingAggregatorResult createFindingAggregator(CreateFindingAggregatorRequest createFindingAggregatorRequest); /** ** Creates a custom insight in Security Hub. An insight is a consolidation of findings that relate to a security * issue that requires attention or remediation. *
*
* To group the related findings in the insight, use the GroupByAttribute.
*
* Creates a member association in Security Hub between the specified accounts and the account used to make the * request, which is the administrator account. If you are integrated with Organizations, then the administrator * account is designated by the organization management account. *
*
* CreateMembers is always used to add accounts that are not organization members.
*
* For accounts that are managed using Organizations, CreateMembers is only used in the following
* cases:
*
* Security Hub is not configured to automatically add new organization accounts. *
** The account was disassociated or deleted in Security Hub. *
*
* This action can only be used by an account that has Security Hub enabled. To enable Security Hub, you can use the
* EnableSecurityHub operation.
*
* For accounts that are not organization members, you create the account association and then send an invitation to
* the member account. To send the invitation, you use the InviteMembers operation. If the account
* owner accepts the invitation, the account becomes a member account in Security Hub.
*
* Accounts that are managed using Organizations do not receive an invitation. They automatically become a member * account in Security Hub. *
** If the organization account does not have Security Hub enabled, then Security Hub and the default standards are * automatically enabled. Note that Security Hub cannot be enabled automatically for the organization management * account. The organization management account must enable Security Hub before the administrator account enables it * as a member account. *
** For organization accounts that already have Security Hub enabled, Security Hub does not make any other changes to * those accounts. It does not change their enabled standards or controls. *
** A permissions policy is added that permits the administrator account to view the findings generated in the member * account. *
*
* To remove the association between the administrator and member accounts, use the
* DisassociateFromMasterAccount or DisassociateMembers operation.
*
* Declines invitations to become a member account. *
** A prospective member account uses this operation to decline an invitation to become a member. *
** This operation is only called by member accounts that aren't part of an organization. Organization accounts don't * receive invitations. *
* * @param declineInvitationsRequest * @return Result of the DeclineInvitations operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @sample AWSSecurityHub.DeclineInvitations * @see AWS * API Documentation */ DeclineInvitationsResult declineInvitations(DeclineInvitationsRequest declineInvitationsRequest); /** ** Deletes a custom action target from Security Hub. *
** Deleting a custom action target does not affect any findings or insights that were already sent to Amazon * CloudWatch Events using the custom action. *
* * @param deleteActionTargetRequest * @return Result of the DeleteActionTarget operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @sample AWSSecurityHub.DeleteActionTarget * @see AWS * API Documentation */ DeleteActionTargetResult deleteActionTarget(DeleteActionTargetRequest deleteActionTargetRequest); /** ** Deletes a finding aggregator. When you delete the finding aggregator, you stop finding aggregation. *
** When you stop finding aggregation, findings that were already aggregated to the aggregation Region are still * visible from the aggregation Region. New findings and finding updates are not aggregated. *
* * @param deleteFindingAggregatorRequest * @return Result of the DeleteFindingAggregator operation returned by the service. * @throws InternalException * Internal server error. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws AccessDeniedException * You don't have permission to perform the action specified in the request. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @sample AWSSecurityHub.DeleteFindingAggregator * @see AWS API Documentation */ DeleteFindingAggregatorResult deleteFindingAggregator(DeleteFindingAggregatorRequest deleteFindingAggregatorRequest); /** *
* Deletes the insight specified by the InsightArn.
*
* Deletes invitations received by the Amazon Web Services account to become a member account. *
** A Security Hub administrator account can use this operation to delete invitations sent to one or more member * accounts. *
** This operation is only used to delete invitations that are sent to member accounts that aren't part of an * organization. Organization accounts don't receive invitations. *
* * @param deleteInvitationsRequest * @return Result of the DeleteInvitations operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @sample AWSSecurityHub.DeleteInvitations * @see AWS * API Documentation */ DeleteInvitationsResult deleteInvitations(DeleteInvitationsRequest deleteInvitationsRequest); /** ** Deletes the specified member accounts from Security Hub. *
** Can be used to delete member accounts that belong to an organization as well as member accounts that were invited * manually. *
* * @param deleteMembersRequest * @return Result of the DeleteMembers operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @sample AWSSecurityHub.DeleteMembers * @see AWS API * Documentation */ DeleteMembersResult deleteMembers(DeleteMembersRequest deleteMembersRequest); /** ** Returns a list of the custom action targets in Security Hub in your account. *
* * @param describeActionTargetsRequest * @return Result of the DescribeActionTargets operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @sample AWSSecurityHub.DescribeActionTargets * @see AWS API Documentation */ DescribeActionTargetsResult describeActionTargets(DescribeActionTargetsRequest describeActionTargetsRequest); /** *
* Returns details about the Hub resource in your account, including the HubArn and the time when you
* enabled Security Hub.
*
* Returns information about the Organizations configuration for Security Hub. Can only be called from a Security * Hub administrator account. *
* * @param describeOrganizationConfigurationRequest * @return Result of the DescribeOrganizationConfiguration operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @sample AWSSecurityHub.DescribeOrganizationConfiguration * @see AWS API Documentation */ DescribeOrganizationConfigurationResult describeOrganizationConfiguration(DescribeOrganizationConfigurationRequest describeOrganizationConfigurationRequest); /** ** Returns information about product integrations in Security Hub. *
** You can optionally provide an integration ARN. If you provide an integration ARN, then the results only include * that integration. *
** If you do not provide an integration ARN, then the results include all of the available product integrations. *
* * @param describeProductsRequest * @return Result of the DescribeProducts operation returned by the service. * @throws InternalException * Internal server error. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @sample AWSSecurityHub.DescribeProducts * @see AWS * API Documentation */ DescribeProductsResult describeProducts(DescribeProductsRequest describeProductsRequest); /** ** Returns a list of the available standards in Security Hub. *
** For each standard, the results include the standard ARN, the name, and a description. *
* * @param describeStandardsRequest * @return Result of the DescribeStandards operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @sample AWSSecurityHub.DescribeStandards * @see AWS * API Documentation */ DescribeStandardsResult describeStandards(DescribeStandardsRequest describeStandardsRequest); /** ** Returns a list of security standards controls. *
** For each control, the results include information about whether it is currently enabled, the severity, and a link * to remediation information. *
* * @param describeStandardsControlsRequest * @return Result of the DescribeStandardsControls operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @sample AWSSecurityHub.DescribeStandardsControls * @see AWS API Documentation */ DescribeStandardsControlsResult describeStandardsControls(DescribeStandardsControlsRequest describeStandardsControlsRequest); /** ** Disables the integration of the specified product with Security Hub. After the integration is disabled, findings * from that product are no longer sent to Security Hub. *
* * @param disableImportFindingsForProductRequest * @return Result of the DisableImportFindingsForProduct operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @sample AWSSecurityHub.DisableImportFindingsForProduct * @see AWS API Documentation */ DisableImportFindingsForProductResult disableImportFindingsForProduct(DisableImportFindingsForProductRequest disableImportFindingsForProductRequest); /** ** Disables a Security Hub administrator account. Can only be called by the organization management account. *
* * @param disableOrganizationAdminAccountRequest * @return Result of the DisableOrganizationAdminAccount operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @sample AWSSecurityHub.DisableOrganizationAdminAccount * @see AWS API Documentation */ DisableOrganizationAdminAccountResult disableOrganizationAdminAccount(DisableOrganizationAdminAccountRequest disableOrganizationAdminAccountRequest); /** ** Disables Security Hub in your account only in the current Region. To disable Security Hub in all Regions, you * must submit one request per Region where you have enabled Security Hub. *
** When you disable Security Hub for an administrator account, it doesn't disable Security Hub for any associated * member accounts. *
** When you disable Security Hub, your existing findings and insights and any Security Hub configuration settings * are deleted after 90 days and cannot be recovered. Any standards that were enabled are disabled, and your * administrator and member account associations are removed. *
** If you want to save your existing findings, you must export them before you disable Security Hub. *
* * @param disableSecurityHubRequest * @return Result of the DisableSecurityHub operation returned by the service. * @throws InternalException * Internal server error. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @sample AWSSecurityHub.DisableSecurityHub * @see AWS * API Documentation */ DisableSecurityHubResult disableSecurityHub(DisableSecurityHubRequest disableSecurityHubRequest); /** ** Disassociates the current Security Hub member account from the associated administrator account. *
** This operation is only used by accounts that are not part of an organization. For organization accounts, only the * administrator account can disassociate a member account. *
* * @param disassociateFromAdministratorAccountRequest * @return Result of the DisassociateFromAdministratorAccount operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @sample AWSSecurityHub.DisassociateFromAdministratorAccount * @see AWS API Documentation */ DisassociateFromAdministratorAccountResult disassociateFromAdministratorAccount( DisassociateFromAdministratorAccountRequest disassociateFromAdministratorAccountRequest); /** *
* This method is deprecated. Instead, use DisassociateFromAdministratorAccount.
*
* The Security Hub console continues to use DisassociateFromMasterAccount. It will eventually change
* to use DisassociateFromAdministratorAccount. Any IAM policies that specifically control access to
* this function must continue to use DisassociateFromMasterAccount. You should also add
* DisassociateFromAdministratorAccount to your policies to ensure that the correct permissions are in
* place after the console begins to use DisassociateFromAdministratorAccount.
*
* Disassociates the current Security Hub member account from the associated administrator account. *
** This operation is only used by accounts that are not part of an organization. For organization accounts, only the * administrator account can disassociate a member account. *
* * @param disassociateFromMasterAccountRequest * @return Result of the DisassociateFromMasterAccount operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @sample AWSSecurityHub.DisassociateFromMasterAccount * @see AWS API Documentation */ @Deprecated DisassociateFromMasterAccountResult disassociateFromMasterAccount(DisassociateFromMasterAccountRequest disassociateFromMasterAccountRequest); /** ** Disassociates the specified member accounts from the associated administrator account. *
** Can be used to disassociate both accounts that are managed using Organizations and accounts that were invited * manually. *
* * @param disassociateMembersRequest * @return Result of the DisassociateMembers operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @sample AWSSecurityHub.DisassociateMembers * @see AWS API Documentation */ DisassociateMembersResult disassociateMembers(DisassociateMembersRequest disassociateMembersRequest); /** ** Enables the integration of a partner product with Security Hub. Integrated products send findings to Security * Hub. *
** When you enable a product integration, a permissions policy that grants permission for the product to send * findings to Security Hub is applied. *
* * @param enableImportFindingsForProductRequest * @return Result of the EnableImportFindingsForProduct operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws ResourceConflictException * The resource specified in the request conflicts with an existing resource. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @sample AWSSecurityHub.EnableImportFindingsForProduct * @see AWS API Documentation */ EnableImportFindingsForProductResult enableImportFindingsForProduct(EnableImportFindingsForProductRequest enableImportFindingsForProductRequest); /** ** Designates the Security Hub administrator account for an organization. Can only be called by the organization * management account. *
* * @param enableOrganizationAdminAccountRequest * @return Result of the EnableOrganizationAdminAccount operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @sample AWSSecurityHub.EnableOrganizationAdminAccount * @see AWS API Documentation */ EnableOrganizationAdminAccountResult enableOrganizationAdminAccount(EnableOrganizationAdminAccountRequest enableOrganizationAdminAccountRequest); /** ** Enables Security Hub for your account in the current Region or the Region you specify in the request. *
** When you enable Security Hub, you grant to Security Hub the permissions necessary to gather findings from other * services that are integrated with Security Hub. *
*
* When you use the EnableSecurityHub operation to enable Security Hub, you also automatically enable
* the following standards:
*
* Center for Internet Security (CIS) Amazon Web Services Foundations Benchmark v1.2.0 *
** Amazon Web Services Foundational Security Best Practices *
** Other standards are not automatically enabled. *
*
* To opt out of automatically enabled standards, set EnableDefaultStandards to false.
*
* After you enable Security Hub, to enable a standard, use the BatchEnableStandards operation. To
* disable a standard, use the BatchDisableStandards operation.
*
* To learn more, see the setup information * in the Security Hub User Guide. *
* * @param enableSecurityHubRequest * @return Result of the EnableSecurityHub operation returned by the service. * @throws InternalException * Internal server error. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws ResourceConflictException * The resource specified in the request conflicts with an existing resource. * @throws AccessDeniedException * You don't have permission to perform the action specified in the request. * @sample AWSSecurityHub.EnableSecurityHub * @see AWS * API Documentation */ EnableSecurityHubResult enableSecurityHub(EnableSecurityHubRequest enableSecurityHubRequest); /** ** Provides the details for the Security Hub administrator account for the current member account. *
** Can be used by both member accounts that are managed using Organizations and accounts that were invited manually. *
* * @param getAdministratorAccountRequest * @return Result of the GetAdministratorAccount operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @sample AWSSecurityHub.GetAdministratorAccount * @see AWS API Documentation */ GetAdministratorAccountResult getAdministratorAccount(GetAdministratorAccountRequest getAdministratorAccountRequest); /** ** Returns a list of the standards that are currently enabled. *
* * @param getEnabledStandardsRequest * @return Result of the GetEnabledStandards operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @sample AWSSecurityHub.GetEnabledStandards * @see AWS API Documentation */ GetEnabledStandardsResult getEnabledStandards(GetEnabledStandardsRequest getEnabledStandardsRequest); /** ** Returns the current finding aggregation configuration. *
* * @param getFindingAggregatorRequest * @return Result of the GetFindingAggregator operation returned by the service. * @throws InternalException * Internal server error. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws AccessDeniedException * You don't have permission to perform the action specified in the request. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @sample AWSSecurityHub.GetFindingAggregator * @see AWS API Documentation */ GetFindingAggregatorResult getFindingAggregator(GetFindingAggregatorRequest getFindingAggregatorRequest); /** ** Returns history for a Security Hub finding in the last 90 days. The history includes changes made to any fields * in the Amazon Web Services Security Finding Format (ASFF). *
* * @param getFindingHistoryRequest * @return Result of the GetFindingHistory operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @sample AWSSecurityHub.GetFindingHistory * @see AWS * API Documentation */ GetFindingHistoryResult getFindingHistory(GetFindingHistoryRequest getFindingHistoryRequest); /** ** Returns a list of findings that match the specified criteria. *
*
* If finding aggregation is enabled, then when you call GetFindings from the aggregation Region, the
* results include all of the matching findings from both the aggregation Region and the linked Regions.
*
* Lists the results of the Security Hub insight specified by the insight ARN. *
* * @param getInsightResultsRequest * @return Result of the GetInsightResults operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @sample AWSSecurityHub.GetInsightResults * @see AWS * API Documentation */ GetInsightResultsResult getInsightResults(GetInsightResultsRequest getInsightResultsRequest); /** ** Lists and describes insights for the specified insight ARNs. *
* * @param getInsightsRequest * @return Result of the GetInsights operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @sample AWSSecurityHub.GetInsights * @see AWS API * Documentation */ GetInsightsResult getInsights(GetInsightsRequest getInsightsRequest); /** ** Returns the count of all Security Hub membership invitations that were sent to the current member account, not * including the currently accepted invitation. *
* * @param getInvitationsCountRequest * @return Result of the GetInvitationsCount operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @sample AWSSecurityHub.GetInvitationsCount * @see AWS API Documentation */ GetInvitationsCountResult getInvitationsCount(GetInvitationsCountRequest getInvitationsCountRequest); /** *
* This method is deprecated. Instead, use GetAdministratorAccount.
*
* The Security Hub console continues to use GetMasterAccount. It will eventually change to use
* GetAdministratorAccount. Any IAM policies that specifically control access to this function must
* continue to use GetMasterAccount. You should also add GetAdministratorAccount to your
* policies to ensure that the correct permissions are in place after the console begins to use
* GetAdministratorAccount.
*
* Provides the details for the Security Hub administrator account for the current member account. *
** Can be used by both member accounts that are managed using Organizations and accounts that were invited manually. *
* * @param getMasterAccountRequest * @return Result of the GetMasterAccount operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @sample AWSSecurityHub.GetMasterAccount * @see AWS * API Documentation */ @Deprecated GetMasterAccountResult getMasterAccount(GetMasterAccountRequest getMasterAccountRequest); /** ** Returns the details for the Security Hub member accounts for the specified account IDs. *
** An administrator account can be either the delegated Security Hub administrator account for an organization or an * administrator account that enabled Security Hub manually. *
** The results include both member accounts that are managed using Organizations and accounts that were invited * manually. *
* * @param getMembersRequest * @return Result of the GetMembers operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @sample AWSSecurityHub.GetMembers * @see AWS API * Documentation */ GetMembersResult getMembers(GetMembersRequest getMembersRequest); /** ** Invites other Amazon Web Services accounts to become member accounts for the Security Hub administrator account * that the invitation is sent from. *
** This operation is only used to invite accounts that do not belong to an organization. Organization accounts do * not receive invitations. *
*
* Before you can use this action to invite a member, you must first use the CreateMembers action to
* create the member account in Security Hub.
*
* When the account owner enables Security Hub and accepts the invitation to become a member account, the * administrator account can view the findings generated from the member account. *
* * @param inviteMembersRequest * @return Result of the InviteMembers operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @sample AWSSecurityHub.InviteMembers * @see AWS API * Documentation */ InviteMembersResult inviteMembers(InviteMembersRequest inviteMembersRequest); /** ** A list of automation rules and their metadata for the calling account. *
* * @param listAutomationRulesRequest * @return Result of the ListAutomationRules operation returned by the service. * @throws AccessDeniedException * You don't have permission to perform the action specified in the request. * @throws InternalException * Internal server error. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @sample AWSSecurityHub.ListAutomationRules * @see AWS API Documentation */ ListAutomationRulesResult listAutomationRules(ListAutomationRulesRequest listAutomationRulesRequest); /** ** Lists all findings-generating solutions (products) that you are subscribed to receive findings from in Security * Hub. *
* * @param listEnabledProductsForImportRequest * @return Result of the ListEnabledProductsForImport operation returned by the service. * @throws InternalException * Internal server error. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @sample AWSSecurityHub.ListEnabledProductsForImport * @see AWS API Documentation */ ListEnabledProductsForImportResult listEnabledProductsForImport(ListEnabledProductsForImportRequest listEnabledProductsForImportRequest); /** *
* If finding aggregation is enabled, then ListFindingAggregators returns the ARN of the finding
* aggregator. You can run this operation from any Region.
*
* Lists all Security Hub membership invitations that were sent to the current Amazon Web Services account. *
** This operation is only used by accounts that are managed by invitation. Accounts that are managed using the * integration with Organizations do not receive invitations. *
* * @param listInvitationsRequest * @return Result of the ListInvitations operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @sample AWSSecurityHub.ListInvitations * @see AWS * API Documentation */ ListInvitationsResult listInvitations(ListInvitationsRequest listInvitationsRequest); /** ** Lists details about all member accounts for the current Security Hub administrator account. *
** The results include both member accounts that belong to an organization and member accounts that were invited * manually. *
* * @param listMembersRequest * @return Result of the ListMembers operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @sample AWSSecurityHub.ListMembers * @see AWS API * Documentation */ ListMembersResult listMembers(ListMembersRequest listMembersRequest); /** ** Lists the Security Hub administrator accounts. Can only be called by the organization management account. *
* * @param listOrganizationAdminAccountsRequest * @return Result of the ListOrganizationAdminAccounts operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @sample AWSSecurityHub.ListOrganizationAdminAccounts * @see AWS API Documentation */ ListOrganizationAdminAccountsResult listOrganizationAdminAccounts(ListOrganizationAdminAccountsRequest listOrganizationAdminAccountsRequest); /** ** Lists all of the security controls that apply to a specified standard. *
* * @param listSecurityControlDefinitionsRequest * @return Result of the ListSecurityControlDefinitions operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @sample AWSSecurityHub.ListSecurityControlDefinitions * @see AWS API Documentation */ ListSecurityControlDefinitionsResult listSecurityControlDefinitions(ListSecurityControlDefinitionsRequest listSecurityControlDefinitionsRequest); /** ** Specifies whether a control is currently enabled or disabled in each enabled standard in the calling account. *
* * @param listStandardsControlAssociationsRequest * @return Result of the ListStandardsControlAssociations operation returned by the service. * @throws InternalException * Internal server error. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @sample AWSSecurityHub.ListStandardsControlAssociations * @see AWS API Documentation */ ListStandardsControlAssociationsResult listStandardsControlAssociations(ListStandardsControlAssociationsRequest listStandardsControlAssociationsRequest); /** ** Returns a list of tags associated with a resource. *
* * @param listTagsForResourceRequest * @return Result of the ListTagsForResource operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @sample AWSSecurityHub.ListTagsForResource * @see AWS API Documentation */ ListTagsForResourceResult listTagsForResource(ListTagsForResourceRequest listTagsForResourceRequest); /** ** Adds one or more tags to a resource. *
* * @param tagResourceRequest * @return Result of the TagResource operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @sample AWSSecurityHub.TagResource * @see AWS API * Documentation */ TagResourceResult tagResource(TagResourceRequest tagResourceRequest); /** ** Removes one or more tags from a resource. *
* * @param untagResourceRequest * @return Result of the UntagResource operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @sample AWSSecurityHub.UntagResource * @see AWS API * Documentation */ UntagResourceResult untagResource(UntagResourceRequest untagResourceRequest); /** ** Updates the name and description of a custom action target in Security Hub. *
* * @param updateActionTargetRequest * @return Result of the UpdateActionTarget operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @sample AWSSecurityHub.UpdateActionTarget * @see AWS * API Documentation */ UpdateActionTargetResult updateActionTarget(UpdateActionTargetRequest updateActionTargetRequest); /** *
* Updates the finding aggregation configuration. Used to update the Region linking mode and the list of included or
* excluded Regions. You cannot use UpdateFindingAggregator to change the aggregation Region.
*
* You must run UpdateFindingAggregator from the current aggregation Region.
*
* UpdateFindings is deprecated. Instead of UpdateFindings, use
* BatchUpdateFindings.
*
* Updates the Note and RecordState of the Security Hub-aggregated findings that the
* filter attributes specify. Any member account that can view the finding also sees the update to the finding.
*
* Updates the Security Hub insight identified by the specified insight ARN. *
* * @param updateInsightRequest * @return Result of the UpdateInsight operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @sample AWSSecurityHub.UpdateInsight * @see AWS API * Documentation */ UpdateInsightResult updateInsight(UpdateInsightRequest updateInsightRequest); /** ** Used to update the configuration related to Organizations. Can only be called from a Security Hub administrator * account. *
* * @param updateOrganizationConfigurationRequest * @return Result of the UpdateOrganizationConfiguration operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @sample AWSSecurityHub.UpdateOrganizationConfiguration * @see AWS API Documentation */ UpdateOrganizationConfigurationResult updateOrganizationConfiguration(UpdateOrganizationConfigurationRequest updateOrganizationConfigurationRequest); /** ** Updates configuration options for Security Hub. *
* * @param updateSecurityHubConfigurationRequest * @return Result of the UpdateSecurityHubConfiguration operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws LimitExceededException * The request was rejected because it attempted to create resources beyond the current Amazon Web Services * account or throttling limits. The error code describes the limit exceeded. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @sample AWSSecurityHub.UpdateSecurityHubConfiguration * @see AWS API Documentation */ UpdateSecurityHubConfigurationResult updateSecurityHubConfiguration(UpdateSecurityHubConfigurationRequest updateSecurityHubConfigurationRequest); /** ** Used to control whether an individual security standard control is enabled or disabled. *
* * @param updateStandardsControlRequest * @return Result of the UpdateStandardsControl operation returned by the service. * @throws InternalException * Internal server error. * @throws InvalidInputException * The request was rejected because you supplied an invalid or out-of-range value for an input parameter. * @throws InvalidAccessException * The account doesn't have permission to perform this action. * @throws ResourceNotFoundException * The request was rejected because we can't find the specified resource. * @sample AWSSecurityHub.UpdateStandardsControl * @see AWS API Documentation */ UpdateStandardsControlResult updateStandardsControl(UpdateStandardsControlRequest updateStandardsControlRequest); /** * Shuts down this client object, releasing any resources that might be held open. This is an optional method, and * callers are not expected to call it, but can if they want to explicitly release any open resources. Once a client * has been shutdown, it should not be used to make any more requests. */ void shutdown(); /** * Returns additional metadata for a previously executed successful request, typically used for debugging issues * where a service isn't acting as expected. This data isn't considered part of the result data returned by an * operation, so it's available through this separate, diagnostic interface. ** Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic * information for an executed request, you should use this method to retrieve it as soon as possible after * executing a request. * * @param request * The originally executed request. * * @return The response metadata for the specified request, or null if none is available. */ ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request); }