AWS SecurityHub

2021/04/22 - AWS SecurityHub - 3 new 3 updated api methods

Changes  Replaced the term "master" with "administrator". Added new actions to replace AcceptInvitation, GetMasterAccount, and DisassociateFromMasterAccount. In Member, replaced MasterId with AdministratorId.

DisassociateFromAdministratorAccount (new) Link ¶

Disassociates the current Security Hub member account from the associated administrator account.

This operation is only used by accounts that are not part of an organization. For organization accounts, only the administrator account can disassociate a member account.

See also: AWS API Documentation

Request Syntax

client.disassociate_from_administrator_account()
rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

GetAdministratorAccount (new) Link ¶

Provides the details for the Security Hub administrator account for the current member account.

Can be used by both member accounts that are managed using Organizations and accounts that were invited manually.

See also: AWS API Documentation

Request Syntax

client.get_administrator_account()
rtype

dict

returns

Response Syntax

{
    'Administrator': {
        'AccountId': 'string',
        'InvitationId': 'string',
        'InvitedAt': datetime(2015, 1, 1),
        'MemberStatus': 'string'
    }
}

Response Structure

  • (dict) --

    • Administrator (dict) --

      Details about an invitation.

      • AccountId (string) --

        The account ID of the Security Hub administrator account that the invitation was sent from.

      • InvitationId (string) --

        The ID of the invitation sent to the member account.

      • InvitedAt (datetime) --

        The timestamp of when the invitation was sent.

      • MemberStatus (string) --

        The current status of the association between the member and administrator accounts.

AcceptAdministratorInvitation (new) Link ¶

Accepts the invitation to be a member account and be monitored by the Security Hub administrator account that the invitation was sent from.

This operation is only used by member accounts that are not added through Organizations.

When the member account accepts the invitation, permission is granted to the administrator account to view findings generated in the member account.

See also: AWS API Documentation

Request Syntax

client.accept_administrator_invitation(
    AdministratorId='string',
    InvitationId='string'
)
type AdministratorId

string

param AdministratorId

[REQUIRED]

The account ID of the Security Hub administrator account that sent the invitation.

type InvitationId

string

param InvitationId

[REQUIRED]

The identifier of the invitation sent from the Security Hub administrator account.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

DescribeProducts (updated) Link ¶
Changes (response) 
{'Products': {'IntegrationTypes': {'UPDATE_FINDINGS_IN_SECURITY_HUB'}}}

Returns information about product integrations in Security Hub.

You can optionally provide an integration ARN. If you provide an integration ARN, then the results only include that integration.

If you do not provide an integration ARN, then the results include all of the available product integrations.

See also: AWS API Documentation

Request Syntax

client.describe_products(
    NextToken='string',
    MaxResults=123,
    ProductArn='string'
)
type NextToken

string

param NextToken

The token that is required for pagination. On your first call to the DescribeProducts operation, set the value of this parameter to NULL .

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

type MaxResults

integer

param MaxResults

The maximum number of results to return.

type ProductArn

string

param ProductArn

The ARN of the integration to return.

rtype

dict

returns

Response Syntax

{
    'Products': [
        {
            'ProductArn': 'string',
            'ProductName': 'string',
            'CompanyName': 'string',
            'Description': 'string',
            'Categories': [
                'string',
            ],
            'IntegrationTypes': [
                'SEND_FINDINGS_TO_SECURITY_HUB'|'RECEIVE_FINDINGS_FROM_SECURITY_HUB'|'UPDATE_FINDINGS_IN_SECURITY_HUB',
            ],
            'MarketplaceUrl': 'string',
            'ActivationUrl': 'string',
            'ProductSubscriptionResourcePolicy': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Products (list) --

      A list of products, including details for each product.

      • (dict) --

        Contains details about a product.

        • ProductArn (string) --

          The ARN assigned to the product.

        • ProductName (string) --

          The name of the product.

        • CompanyName (string) --

          The name of the company that provides the product.

        • Description (string) --

          A description of the product.

        • Categories (list) --

          The categories assigned to the product.

          • (string) --

        • IntegrationTypes (list) --

          The types of integration that the product supports. Available values are the following.

          • SEND_FINDINGS_TO_SECURITY_HUB - The integration sends findings to Security Hub.

          • RECEIVE_FINDINGS_FROM_SECURITY_HUB - The integration receives findings from Security Hub.

          • UPDATE_FINDINGS_IN_SECURITY_HUB - The integration does not send new findings to Security Hub, but does make updates to the findings that it receives from Security Hub.

          • (string) --

        • MarketplaceUrl (string) --

          For integrations with AWS services, the AWS Console URL from which to activate the service.

          For integrations with third-party products, the AWS Marketplace URL from which to subscribe to or purchase the product.

        • ActivationUrl (string) --

          The URL to the service or product documentation about the integration with Security Hub, including how to activate the integration.

        • ProductSubscriptionResourcePolicy (string) --

          The resource policy associated with the product.

    • NextToken (string) --

      The pagination token to use to request the next page of results.

GetMembers (updated) Link ¶
Changes (response) 
{'Members': {'AdministratorId': 'string'}}

Returns the details for the Security Hub member accounts for the specified account IDs.

An administrator account can be either the delegated Security Hub administrator account for an organization or an administrator account that enabled Security Hub manually.

The results include both member accounts that are managed using Organizations and accounts that were invited manually.

See also: AWS API Documentation

Request Syntax

client.get_members(
    AccountIds=[
        'string',
    ]
)
type AccountIds

list

param AccountIds

[REQUIRED]

The list of account IDs for the Security Hub member accounts to return the details for.

  • (string) --

rtype

dict

returns

Response Syntax

{
    'Members': [
        {
            'AccountId': 'string',
            'Email': 'string',
            'MasterId': 'string',
            'AdministratorId': 'string',
            'MemberStatus': 'string',
            'InvitedAt': datetime(2015, 1, 1),
            'UpdatedAt': datetime(2015, 1, 1)
        },
    ],
    'UnprocessedAccounts': [
        {
            'AccountId': 'string',
            'ProcessingResult': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • Members (list) --

      The list of details about the Security Hub member accounts.

      • (dict) --

        The details about a member account.

        • AccountId (string) --

          The AWS account ID of the member account.

        • Email (string) --

          The email address of the member account.

        • MasterId (string) --

          This is replaced by AdministratorID .

          The AWS account ID of the Security Hub administrator account associated with this member account.

        • AdministratorId (string) --

          The AWS account ID of the Security Hub administrator account associated with this member account.

        • MemberStatus (string) --

          The status of the relationship between the member account and its administrator account.

          The status can have one of the following values:

          • CREATED - Indicates that the administrator account added the member account, but has not yet invited the member account.

          • INVITED - Indicates that the administrator account invited the member account. The member account has not yet responded to the invitation.

          • ENABLED - Indicates that the member account is currently active. For manually invited member accounts, indicates that the member account accepted the invitation.

          • REMOVED - Indicates that the administrator account disassociated the member account.

          • RESIGNED - Indicates that the member account disassociated themselves from the administrator account.

          • DELETED - Indicates that the administrator account deleted the member account.

        • InvitedAt (datetime) --

          A timestamp for the date and time when the invitation was sent to the member account.

        • UpdatedAt (datetime) --

          The timestamp for the date and time when the member account was updated.

    • UnprocessedAccounts (list) --

      The list of AWS accounts that could not be processed. For each account, the list includes the account ID and the email address.

      • (dict) --

        Details about the account that was not processed.

        • AccountId (string) --

          An AWS account ID of the account that was not processed.

        • ProcessingResult (string) --

          The reason that the account was not processed.

ListMembers (updated) Link ¶
Changes (response) 
{'Members': {'AdministratorId': 'string'}}

Lists details about all member accounts for the current Security Hub administrator account.

The results include both member accounts that belong to an organization and member accounts that were invited manually.

See also: AWS API Documentation

Request Syntax

client.list_members(
    OnlyAssociated=True|False,
    MaxResults=123,
    NextToken='string'
)
type OnlyAssociated

boolean

param OnlyAssociated

Specifies which member accounts to include in the response based on their relationship status with the administrator account. The default value is TRUE .

If OnlyAssociated is set to TRUE , the response includes member accounts whose relationship status with the administrator account is set to ENABLED .

If OnlyAssociated is set to FALSE , the response includes all existing member accounts.

type MaxResults

integer

param MaxResults

The maximum number of items to return in the response.

type NextToken

string

param NextToken

The token that is required for pagination. On your first call to the ListMembers operation, set the value of this parameter to NULL .

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

rtype

dict

returns

Response Syntax

{
    'Members': [
        {
            'AccountId': 'string',
            'Email': 'string',
            'MasterId': 'string',
            'AdministratorId': 'string',
            'MemberStatus': 'string',
            'InvitedAt': datetime(2015, 1, 1),
            'UpdatedAt': datetime(2015, 1, 1)
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Members (list) --

      Member details returned by the operation.

      • (dict) --

        The details about a member account.

        • AccountId (string) --

          The AWS account ID of the member account.

        • Email (string) --

          The email address of the member account.

        • MasterId (string) --

          This is replaced by AdministratorID .

          The AWS account ID of the Security Hub administrator account associated with this member account.

        • AdministratorId (string) --

          The AWS account ID of the Security Hub administrator account associated with this member account.

        • MemberStatus (string) --

          The status of the relationship between the member account and its administrator account.

          The status can have one of the following values:

          • CREATED - Indicates that the administrator account added the member account, but has not yet invited the member account.

          • INVITED - Indicates that the administrator account invited the member account. The member account has not yet responded to the invitation.

          • ENABLED - Indicates that the member account is currently active. For manually invited member accounts, indicates that the member account accepted the invitation.

          • REMOVED - Indicates that the administrator account disassociated the member account.

          • RESIGNED - Indicates that the member account disassociated themselves from the administrator account.

          • DELETED - Indicates that the administrator account deleted the member account.

        • InvitedAt (datetime) --

          A timestamp for the date and time when the invitation was sent to the member account.

        • UpdatedAt (datetime) --

          The timestamp for the date and time when the member account was updated.

    • NextToken (string) --

      The pagination token to use to request the next page of results.