AWS SecurityHub

2021/12/20 - AWS SecurityHub - 5 updated api methods

Changes  Added new resource details objects to ASFF, including resources for Firewall, and RuleGroup, FirewallPolicy Added additional details for AutoScalingGroup, LaunchConfiguration, and S3 buckets.

BatchDisableStandards (updated) Link ¶
Changes (response)
{'StandardsSubscriptions': {'StandardsStatusReason': {'StatusReasonCode': 'NO_AVAILABLE_CONFIGURATION_RECORDER '
                                                                          '| '
                                                                          'INTERNAL_ERROR'}}}

Disables the standards specified by the provided StandardsSubscriptionArns.

For more information, see Security Standards section of the Security Hub User Guide.

See also: AWS API Documentation

Request Syntax

client.batch_disable_standards(
    StandardsSubscriptionArns=[
        'string',
    ]
)
type StandardsSubscriptionArns:

list

param StandardsSubscriptionArns:

[REQUIRED]

The ARNs of the standards subscriptions to disable.

  • (string) --

rtype:

dict

returns:

Response Syntax

{
    'StandardsSubscriptions': [
        {
            'StandardsSubscriptionArn': 'string',
            'StandardsArn': 'string',
            'StandardsInput': {
                'string': 'string'
            },
            'StandardsStatus': 'PENDING'|'READY'|'FAILED'|'DELETING'|'INCOMPLETE',
            'StandardsStatusReason': {
                'StatusReasonCode': 'NO_AVAILABLE_CONFIGURATION_RECORDER'|'INTERNAL_ERROR'
            }
        },
    ]
}

Response Structure

  • (dict) --

    • StandardsSubscriptions (list) --

      The details of the standards subscriptions that were disabled.

      • (dict) --

        A resource that represents your subscription to a supported standard.

        • StandardsSubscriptionArn (string) --

          The ARN of a resource that represents your subscription to a supported standard.

        • StandardsArn (string) --

          The ARN of a standard.

        • StandardsInput (dict) --

          A key-value pair of input for the standard.

          • (string) --

            • (string) --

        • StandardsStatus (string) --

          The status of the standard subscription.

          The status values are as follows:

          • PENDING - Standard is in the process of being enabled.

          • READY - Standard is enabled.

          • INCOMPLETE - Standard could not be enabled completely. Some controls may not be available.

          • DELETING - Standard is in the process of being disabled.

          • FAILED - Standard could not be disabled.

        • StandardsStatusReason (dict) --

          The reason for the current status.

          • StatusReasonCode (string) --

            The reason code that represents the reason for the current status of a standard subscription.

BatchEnableStandards (updated) Link ¶
Changes (response)
{'StandardsSubscriptions': {'StandardsStatusReason': {'StatusReasonCode': 'NO_AVAILABLE_CONFIGURATION_RECORDER '
                                                                          '| '
                                                                          'INTERNAL_ERROR'}}}

Enables the standards specified by the provided StandardsArn. To obtain the ARN for a standard, use the DescribeStandards operation.

For more information, see the Security Standards section of the Security Hub User Guide.

See also: AWS API Documentation

Request Syntax

client.batch_enable_standards(
    StandardsSubscriptionRequests=[
        {
            'StandardsArn': 'string',
            'StandardsInput': {
                'string': 'string'
            }
        },
    ]
)
type StandardsSubscriptionRequests:

list

param StandardsSubscriptionRequests:

[REQUIRED]

The list of standards checks to enable.

  • (dict) --

    The standard that you want to enable.

    • StandardsArn (string) -- [REQUIRED]

      The ARN of the standard that you want to enable. To view the list of available standards and their ARNs, use the DescribeStandards operation.

    • StandardsInput (dict) --

      A key-value pair of input for the standard.

      • (string) --

        • (string) --

rtype:

dict

returns:

Response Syntax

{
    'StandardsSubscriptions': [
        {
            'StandardsSubscriptionArn': 'string',
            'StandardsArn': 'string',
            'StandardsInput': {
                'string': 'string'
            },
            'StandardsStatus': 'PENDING'|'READY'|'FAILED'|'DELETING'|'INCOMPLETE',
            'StandardsStatusReason': {
                'StatusReasonCode': 'NO_AVAILABLE_CONFIGURATION_RECORDER'|'INTERNAL_ERROR'
            }
        },
    ]
}

Response Structure

  • (dict) --

    • StandardsSubscriptions (list) --

      The details of the standards subscriptions that were enabled.

      • (dict) --

        A resource that represents your subscription to a supported standard.

        • StandardsSubscriptionArn (string) --

          The ARN of a resource that represents your subscription to a supported standard.

        • StandardsArn (string) --

          The ARN of a standard.

        • StandardsInput (dict) --

          A key-value pair of input for the standard.

          • (string) --

            • (string) --

        • StandardsStatus (string) --

          The status of the standard subscription.

          The status values are as follows:

          • PENDING - Standard is in the process of being enabled.

          • READY - Standard is enabled.

          • INCOMPLETE - Standard could not be enabled completely. Some controls may not be available.

          • DELETING - Standard is in the process of being disabled.

          • FAILED - Standard could not be disabled.

        • StandardsStatusReason (dict) --

          The reason for the current status.

          • StatusReasonCode (string) --

            The reason code that represents the reason for the current status of a standard subscription.

BatchImportFindings (updated) Link ¶
Changes (request)
{'Findings': {'Resources': {'Details': {'AwsAutoScalingAutoScalingGroup': {'AvailabilityZones': [{'Value': 'string'}],
                                                                           'MixedInstancesPolicy': {'InstancesDistribution': {'OnDemandAllocationStrategy': 'string',
                                                                                                                              'OnDemandBaseCapacity': 'integer',
                                                                                                                              'OnDemandPercentageAboveBaseCapacity': 'integer',
                                                                                                                              'SpotAllocationStrategy': 'string',
                                                                                                                              'SpotInstancePools': 'integer',
                                                                                                                              'SpotMaxPrice': 'string'},
                                                                                                    'LaunchTemplate': {'LaunchTemplateSpecification': {'LaunchTemplateId': 'string',
                                                                                                                                                       'LaunchTemplateName': 'string',
                                                                                                                                                       'Version': 'string'},
                                                                                                                       'Overrides': [{'InstanceType': 'string',
                                                                                                                                      'WeightedCapacity': 'string'}]}}},
                                        'AwsAutoScalingLaunchConfiguration': {'MetadataOptions': {'HttpEndpoint': 'string',
                                                                                                  'HttpPutResponseHopLimit': 'integer',
                                                                                                  'HttpTokens': 'string'}},
                                        'AwsNetworkFirewallFirewall': {'DeleteProtection': 'boolean',
                                                                       'Description': 'string',
                                                                       'FirewallArn': 'string',
                                                                       'FirewallId': 'string',
                                                                       'FirewallName': 'string',
                                                                       'FirewallPolicyArn': 'string',
                                                                       'FirewallPolicyChangeProtection': 'boolean',
                                                                       'SubnetChangeProtection': 'boolean',
                                                                       'SubnetMappings': [{'SubnetId': 'string'}],
                                                                       'VpcId': 'string'},
                                        'AwsNetworkFirewallFirewallPolicy': {'Description': 'string',
                                                                             'FirewallPolicy': {'StatefulRuleGroupReferences': [{'ResourceArn': 'string'}],
                                                                                                'StatelessCustomActions': [{'ActionDefinition': {'PublishMetricAction': {'Dimensions': [{'Value': 'string'}]}},
                                                                                                                            'ActionName': 'string'}],
                                                                                                'StatelessDefaultActions': ['string'],
                                                                                                'StatelessFragmentDefaultActions': ['string'],
                                                                                                'StatelessRuleGroupReferences': [{'Priority': 'integer',
                                                                                                                                  'ResourceArn': 'string'}]},
                                                                             'FirewallPolicyArn': 'string',
                                                                             'FirewallPolicyId': 'string',
                                                                             'FirewallPolicyName': 'string'},
                                        'AwsNetworkFirewallRuleGroup': {'Capacity': 'integer',
                                                                        'Description': 'string',
                                                                        'RuleGroup': {'RuleVariables': {'IpSets': {'Definition': ['string']},
                                                                                                        'PortSets': {'Definition': ['string']}},
                                                                                      'RulesSource': {'RulesSourceList': {'GeneratedRulesType': 'string',
                                                                                                                          'TargetTypes': ['string'],
                                                                                                                          'Targets': ['string']},
                                                                                                      'RulesString': 'string',
                                                                                                      'StatefulRules': [{'Action': 'string',
                                                                                                                         'Header': {'Destination': 'string',
                                                                                                                                    'DestinationPort': 'string',
                                                                                                                                    'Direction': 'string',
                                                                                                                                    'Protocol': 'string',
                                                                                                                                    'Source': 'string',
                                                                                                                                    'SourcePort': 'string'},
                                                                                                                         'RuleOptions': [{'Keyword': 'string',
                                                                                                                                          'Settings': ['string']}]}],
                                                                                                      'StatelessRulesAndCustomActions': {'CustomActions': [{'ActionDefinition': {'PublishMetricAction': {'Dimensions': [{'Value': 'string'}]}},
                                                                                                                                                            'ActionName': 'string'}],
                                                                                                                                         'StatelessRules': [{'Priority': 'integer',
                                                                                                                                                             'RuleDefinition': {'Actions': ['string'],
                                                                                                                                                                                'MatchAttributes': {'DestinationPorts': [{'FromPort': 'integer',
                                                                                                                                                                                                                          'ToPort': 'integer'}],
                                                                                                                                                                                                    'Destinations': [{'AddressDefinition': 'string'}],
                                                                                                                                                                                                    'Protocols': ['integer'],
                                                                                                                                                                                                    'SourcePorts': [{'FromPort': 'integer',
                                                                                                                                                                                                                     'ToPort': 'integer'}],
                                                                                                                                                                                                    'Sources': [{'AddressDefinition': 'string'}],
                                                                                                                                                                                                    'TcpFlags': [{'Flags': ['string'],
                                                                                                                                                                                                                  'Masks': ['string']}]}}}]}}},
                                                                        'RuleGroupArn': 'string',
                                                                        'RuleGroupId': 'string',
                                                                        'RuleGroupName': 'string',
                                                                        'Type': 'string'},
                                        'AwsS3Bucket': {'BucketVersioningConfiguration': {'IsMfaDeleteEnabled': 'boolean',
                                                                                          'Status': 'string'}}}}}}

Imports security findings generated by a finding provider into Security Hub. This action is requested by the finding provider to import its findings into Security Hub.

BatchImportFindings must be called by one of the following:

  • The account that is associated with the findings. The identifier of the associated account is the value of the AwsAccountId attribute for the finding.

  • An account that is allow-listed for an official Security Hub partner integration.

The maximum allowed size for a finding is 240 Kb. An error is returned for any finding larger than 240 Kb.

After a finding is created, BatchImportFindings cannot be used to update the following finding fields and objects, which Security Hub customers use to manage their investigation workflow.

  • Note

  • UserDefinedFields

  • VerificationState

  • Workflow

Finding providers also should not use BatchImportFindings to update the following attributes.

  • Confidence

  • Criticality

  • RelatedFindings

  • Severity

  • Types

Instead, finding providers use FindingProviderFields to provide values for these attributes.

See also: AWS API Documentation

Request Syntax

# This section is too large to render.
# Please see the AWS API Documentation linked below.

AWS API Documentation

Parameters

# This section is too large to render.
# Please see the AWS API Documentation linked below.

AWS API Documentation

rtype:

dict

returns:

Response Syntax

{
    'FailedCount': 123,
    'SuccessCount': 123,
    'FailedFindings': [
        {
            'Id': 'string',
            'ErrorCode': 'string',
            'ErrorMessage': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • FailedCount (integer) --

      The number of findings that failed to import.

    • SuccessCount (integer) --

      The number of findings that were successfully imported.

    • FailedFindings (list) --

      The list of findings that failed to import.

      • (dict) --

        The list of the findings that cannot be imported. For each finding, the list provides the error.

        • Id (string) --

          The identifier of the finding that could not be updated.

        • ErrorCode (string) --

          The code of the error returned by the BatchImportFindings operation.

        • ErrorMessage (string) --

          The message of the error returned by the BatchImportFindings operation.

GetEnabledStandards (updated) Link ¶
Changes (response)
{'StandardsSubscriptions': {'StandardsStatusReason': {'StatusReasonCode': 'NO_AVAILABLE_CONFIGURATION_RECORDER '
                                                                          '| '
                                                                          'INTERNAL_ERROR'}}}

Returns a list of the standards that are currently enabled.

See also: AWS API Documentation

Request Syntax

client.get_enabled_standards(
    StandardsSubscriptionArns=[
        'string',
    ],
    NextToken='string',
    MaxResults=123
)
type StandardsSubscriptionArns:

list

param StandardsSubscriptionArns:

The list of the standards subscription ARNs for the standards to retrieve.

  • (string) --

type NextToken:

string

param NextToken:

The token that is required for pagination. On your first call to the GetEnabledStandards operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

type MaxResults:

integer

param MaxResults:

The maximum number of results to return in the response.

rtype:

dict

returns:

Response Syntax

{
    'StandardsSubscriptions': [
        {
            'StandardsSubscriptionArn': 'string',
            'StandardsArn': 'string',
            'StandardsInput': {
                'string': 'string'
            },
            'StandardsStatus': 'PENDING'|'READY'|'FAILED'|'DELETING'|'INCOMPLETE',
            'StandardsStatusReason': {
                'StatusReasonCode': 'NO_AVAILABLE_CONFIGURATION_RECORDER'|'INTERNAL_ERROR'
            }
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • StandardsSubscriptions (list) --

      The list of StandardsSubscriptions objects that include information about the enabled standards.

      • (dict) --

        A resource that represents your subscription to a supported standard.

        • StandardsSubscriptionArn (string) --

          The ARN of a resource that represents your subscription to a supported standard.

        • StandardsArn (string) --

          The ARN of a standard.

        • StandardsInput (dict) --

          A key-value pair of input for the standard.

          • (string) --

            • (string) --

        • StandardsStatus (string) --

          The status of the standard subscription.

          The status values are as follows:

          • PENDING - Standard is in the process of being enabled.

          • READY - Standard is enabled.

          • INCOMPLETE - Standard could not be enabled completely. Some controls may not be available.

          • DELETING - Standard is in the process of being disabled.

          • FAILED - Standard could not be disabled.

        • StandardsStatusReason (dict) --

          The reason for the current status.

          • StatusReasonCode (string) --

            The reason code that represents the reason for the current status of a standard subscription.

    • NextToken (string) --

      The pagination token to use to request the next page of results.

GetFindings (updated) Link ¶
Changes (response)
{'Findings': {'Resources': {'Details': {'AwsAutoScalingAutoScalingGroup': {'AvailabilityZones': [{'Value': 'string'}],
                                                                           'MixedInstancesPolicy': {'InstancesDistribution': {'OnDemandAllocationStrategy': 'string',
                                                                                                                              'OnDemandBaseCapacity': 'integer',
                                                                                                                              'OnDemandPercentageAboveBaseCapacity': 'integer',
                                                                                                                              'SpotAllocationStrategy': 'string',
                                                                                                                              'SpotInstancePools': 'integer',
                                                                                                                              'SpotMaxPrice': 'string'},
                                                                                                    'LaunchTemplate': {'LaunchTemplateSpecification': {'LaunchTemplateId': 'string',
                                                                                                                                                       'LaunchTemplateName': 'string',
                                                                                                                                                       'Version': 'string'},
                                                                                                                       'Overrides': [{'InstanceType': 'string',
                                                                                                                                      'WeightedCapacity': 'string'}]}}},
                                        'AwsAutoScalingLaunchConfiguration': {'MetadataOptions': {'HttpEndpoint': 'string',
                                                                                                  'HttpPutResponseHopLimit': 'integer',
                                                                                                  'HttpTokens': 'string'}},
                                        'AwsNetworkFirewallFirewall': {'DeleteProtection': 'boolean',
                                                                       'Description': 'string',
                                                                       'FirewallArn': 'string',
                                                                       'FirewallId': 'string',
                                                                       'FirewallName': 'string',
                                                                       'FirewallPolicyArn': 'string',
                                                                       'FirewallPolicyChangeProtection': 'boolean',
                                                                       'SubnetChangeProtection': 'boolean',
                                                                       'SubnetMappings': [{'SubnetId': 'string'}],
                                                                       'VpcId': 'string'},
                                        'AwsNetworkFirewallFirewallPolicy': {'Description': 'string',
                                                                             'FirewallPolicy': {'StatefulRuleGroupReferences': [{'ResourceArn': 'string'}],
                                                                                                'StatelessCustomActions': [{'ActionDefinition': {'PublishMetricAction': {'Dimensions': [{'Value': 'string'}]}},
                                                                                                                            'ActionName': 'string'}],
                                                                                                'StatelessDefaultActions': ['string'],
                                                                                                'StatelessFragmentDefaultActions': ['string'],
                                                                                                'StatelessRuleGroupReferences': [{'Priority': 'integer',
                                                                                                                                  'ResourceArn': 'string'}]},
                                                                             'FirewallPolicyArn': 'string',
                                                                             'FirewallPolicyId': 'string',
                                                                             'FirewallPolicyName': 'string'},
                                        'AwsNetworkFirewallRuleGroup': {'Capacity': 'integer',
                                                                        'Description': 'string',
                                                                        'RuleGroup': {'RuleVariables': {'IpSets': {'Definition': ['string']},
                                                                                                        'PortSets': {'Definition': ['string']}},
                                                                                      'RulesSource': {'RulesSourceList': {'GeneratedRulesType': 'string',
                                                                                                                          'TargetTypes': ['string'],
                                                                                                                          'Targets': ['string']},
                                                                                                      'RulesString': 'string',
                                                                                                      'StatefulRules': [{'Action': 'string',
                                                                                                                         'Header': {'Destination': 'string',
                                                                                                                                    'DestinationPort': 'string',
                                                                                                                                    'Direction': 'string',
                                                                                                                                    'Protocol': 'string',
                                                                                                                                    'Source': 'string',
                                                                                                                                    'SourcePort': 'string'},
                                                                                                                         'RuleOptions': [{'Keyword': 'string',
                                                                                                                                          'Settings': ['string']}]}],
                                                                                                      'StatelessRulesAndCustomActions': {'CustomActions': [{'ActionDefinition': {'PublishMetricAction': {'Dimensions': [{'Value': 'string'}]}},
                                                                                                                                                            'ActionName': 'string'}],
                                                                                                                                         'StatelessRules': [{'Priority': 'integer',
                                                                                                                                                             'RuleDefinition': {'Actions': ['string'],
                                                                                                                                                                                'MatchAttributes': {'DestinationPorts': [{'FromPort': 'integer',
                                                                                                                                                                                                                          'ToPort': 'integer'}],
                                                                                                                                                                                                    'Destinations': [{'AddressDefinition': 'string'}],
                                                                                                                                                                                                    'Protocols': ['integer'],
                                                                                                                                                                                                    'SourcePorts': [{'FromPort': 'integer',
                                                                                                                                                                                                                     'ToPort': 'integer'}],
                                                                                                                                                                                                    'Sources': [{'AddressDefinition': 'string'}],
                                                                                                                                                                                                    'TcpFlags': [{'Flags': ['string'],
                                                                                                                                                                                                                  'Masks': ['string']}]}}}]}}},
                                                                        'RuleGroupArn': 'string',
                                                                        'RuleGroupId': 'string',
                                                                        'RuleGroupName': 'string',
                                                                        'Type': 'string'},
                                        'AwsS3Bucket': {'BucketVersioningConfiguration': {'IsMfaDeleteEnabled': 'boolean',
                                                                                          'Status': 'string'}}}}}}

Returns a list of findings that match the specified criteria.

If finding aggregation is enabled, then when you call GetFindings from the aggregation Region, the results include all of the matching findings from both the aggregation Region and the linked Regions.

See also: AWS API Documentation

Request Syntax

client.get_findings(
    Filters={
        'ProductArn': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'AwsAccountId': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'Id': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'GeneratorId': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'Region': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'Type': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'FirstObservedAt': [
            {
                'Start': 'string',
                'End': 'string',
                'DateRange': {
                    'Value': 123,
                    'Unit': 'DAYS'
                }
            },
        ],
        'LastObservedAt': [
            {
                'Start': 'string',
                'End': 'string',
                'DateRange': {
                    'Value': 123,
                    'Unit': 'DAYS'
                }
            },
        ],
        'CreatedAt': [
            {
                'Start': 'string',
                'End': 'string',
                'DateRange': {
                    'Value': 123,
                    'Unit': 'DAYS'
                }
            },
        ],
        'UpdatedAt': [
            {
                'Start': 'string',
                'End': 'string',
                'DateRange': {
                    'Value': 123,
                    'Unit': 'DAYS'
                }
            },
        ],
        'SeverityProduct': [
            {
                'Gte': 123.0,
                'Lte': 123.0,
                'Eq': 123.0
            },
        ],
        'SeverityNormalized': [
            {
                'Gte': 123.0,
                'Lte': 123.0,
                'Eq': 123.0
            },
        ],
        'SeverityLabel': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'Confidence': [
            {
                'Gte': 123.0,
                'Lte': 123.0,
                'Eq': 123.0
            },
        ],
        'Criticality': [
            {
                'Gte': 123.0,
                'Lte': 123.0,
                'Eq': 123.0
            },
        ],
        'Title': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'Description': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'RecommendationText': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'SourceUrl': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'ProductFields': [
            {
                'Key': 'string',
                'Value': 'string',
                'Comparison': 'EQUALS'|'NOT_EQUALS'
            },
        ],
        'ProductName': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'CompanyName': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'UserDefinedFields': [
            {
                'Key': 'string',
                'Value': 'string',
                'Comparison': 'EQUALS'|'NOT_EQUALS'
            },
        ],
        'MalwareName': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'MalwareType': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'MalwarePath': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'MalwareState': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'NetworkDirection': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'NetworkProtocol': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'NetworkSourceIpV4': [
            {
                'Cidr': 'string'
            },
        ],
        'NetworkSourceIpV6': [
            {
                'Cidr': 'string'
            },
        ],
        'NetworkSourcePort': [
            {
                'Gte': 123.0,
                'Lte': 123.0,
                'Eq': 123.0
            },
        ],
        'NetworkSourceDomain': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'NetworkSourceMac': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'NetworkDestinationIpV4': [
            {
                'Cidr': 'string'
            },
        ],
        'NetworkDestinationIpV6': [
            {
                'Cidr': 'string'
            },
        ],
        'NetworkDestinationPort': [
            {
                'Gte': 123.0,
                'Lte': 123.0,
                'Eq': 123.0
            },
        ],
        'NetworkDestinationDomain': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'ProcessName': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'ProcessPath': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'ProcessPid': [
            {
                'Gte': 123.0,
                'Lte': 123.0,
                'Eq': 123.0
            },
        ],
        'ProcessParentPid': [
            {
                'Gte': 123.0,
                'Lte': 123.0,
                'Eq': 123.0
            },
        ],
        'ProcessLaunchedAt': [
            {
                'Start': 'string',
                'End': 'string',
                'DateRange': {
                    'Value': 123,
                    'Unit': 'DAYS'
                }
            },
        ],
        'ProcessTerminatedAt': [
            {
                'Start': 'string',
                'End': 'string',
                'DateRange': {
                    'Value': 123,
                    'Unit': 'DAYS'
                }
            },
        ],
        'ThreatIntelIndicatorType': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'ThreatIntelIndicatorValue': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'ThreatIntelIndicatorCategory': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'ThreatIntelIndicatorLastObservedAt': [
            {
                'Start': 'string',
                'End': 'string',
                'DateRange': {
                    'Value': 123,
                    'Unit': 'DAYS'
                }
            },
        ],
        'ThreatIntelIndicatorSource': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'ThreatIntelIndicatorSourceUrl': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'ResourceType': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'ResourceId': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'ResourcePartition': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'ResourceRegion': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'ResourceTags': [
            {
                'Key': 'string',
                'Value': 'string',
                'Comparison': 'EQUALS'|'NOT_EQUALS'
            },
        ],
        'ResourceAwsEc2InstanceType': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'ResourceAwsEc2InstanceImageId': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'ResourceAwsEc2InstanceIpV4Addresses': [
            {
                'Cidr': 'string'
            },
        ],
        'ResourceAwsEc2InstanceIpV6Addresses': [
            {
                'Cidr': 'string'
            },
        ],
        'ResourceAwsEc2InstanceKeyName': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'ResourceAwsEc2InstanceIamInstanceProfileArn': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'ResourceAwsEc2InstanceVpcId': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'ResourceAwsEc2InstanceSubnetId': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'ResourceAwsEc2InstanceLaunchedAt': [
            {
                'Start': 'string',
                'End': 'string',
                'DateRange': {
                    'Value': 123,
                    'Unit': 'DAYS'
                }
            },
        ],
        'ResourceAwsS3BucketOwnerId': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'ResourceAwsS3BucketOwnerName': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'ResourceAwsIamAccessKeyUserName': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'ResourceAwsIamAccessKeyPrincipalName': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'ResourceAwsIamAccessKeyStatus': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'ResourceAwsIamAccessKeyCreatedAt': [
            {
                'Start': 'string',
                'End': 'string',
                'DateRange': {
                    'Value': 123,
                    'Unit': 'DAYS'
                }
            },
        ],
        'ResourceAwsIamUserUserName': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'ResourceContainerName': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'ResourceContainerImageId': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'ResourceContainerImageName': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'ResourceContainerLaunchedAt': [
            {
                'Start': 'string',
                'End': 'string',
                'DateRange': {
                    'Value': 123,
                    'Unit': 'DAYS'
                }
            },
        ],
        'ResourceDetailsOther': [
            {
                'Key': 'string',
                'Value': 'string',
                'Comparison': 'EQUALS'|'NOT_EQUALS'
            },
        ],
        'ComplianceStatus': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'VerificationState': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'WorkflowState': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'WorkflowStatus': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'RecordState': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'RelatedFindingsProductArn': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'RelatedFindingsId': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'NoteText': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'NoteUpdatedAt': [
            {
                'Start': 'string',
                'End': 'string',
                'DateRange': {
                    'Value': 123,
                    'Unit': 'DAYS'
                }
            },
        ],
        'NoteUpdatedBy': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'Keyword': [
            {
                'Value': 'string'
            },
        ],
        'FindingProviderFieldsConfidence': [
            {
                'Gte': 123.0,
                'Lte': 123.0,
                'Eq': 123.0
            },
        ],
        'FindingProviderFieldsCriticality': [
            {
                'Gte': 123.0,
                'Lte': 123.0,
                'Eq': 123.0
            },
        ],
        'FindingProviderFieldsRelatedFindingsId': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'FindingProviderFieldsRelatedFindingsProductArn': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'FindingProviderFieldsSeverityLabel': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'FindingProviderFieldsSeverityOriginal': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ],
        'FindingProviderFieldsTypes': [
            {
                'Value': 'string',
                'Comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS'|'PREFIX_NOT_EQUALS'
            },
        ]
    },
    SortCriteria=[
        {
            'Field': 'string',
            'SortOrder': 'asc'|'desc'
        },
    ],
    NextToken='string',
    MaxResults=123
)


  **Parameters**
  ::

      # This section is too large to render.
      # Please see the AWS API Documentation linked below.

  `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetFindings>`_
rtype:

dict

returns:

Response Syntax

# This section is too large to render.
# Please see the AWS API Documentation linked below.

AWS API Documentation

Response Structure

# This section is too large to render.
# Please see the AWS API Documentation linked below.

AWS API Documentation