AWS API Changes

2020/01/15 - AWS SecurityHub - 2 new api methods

Changes Update securityhub client to latest version

UpdateStandardsControl (new)

Link ¶

Used to control whether an individual compliance standard control is enabled or disabled.

Request Syntax

client.update_standards_control(
    StandardsControlArn='string',
    ControlStatus='ENABLED'|'DISABLED',
    DisabledReason='string'
)

type StandardsControlArn:

string

param StandardsControlArn:

[REQUIRED]

The ARN of the compliance standard control to enable or disable.

type ControlStatus:

string

param ControlStatus:

The updated status of the compliance standard control.

type DisabledReason:

string

param DisabledReason:

A description of the reason why you are disabling a compliance standard control.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

(dict) --

DescribeStandardsControls (new)

Link ¶

Returns a list of compliance standards controls.

For each control, the results include information about whether it is currently enabled, the severity, and a link to remediation information.

See also: AWS API Documentation

Request Syntax

client.describe_standards_controls(
    StandardsSubscriptionArn='string',
    NextToken='string',
    MaxResults=123
)

type StandardsSubscriptionArn:

string

param StandardsSubscriptionArn:

[REQUIRED]

The ARN of a resource that represents your subscription to a supported standard.

type NextToken:

string

param NextToken:

For requests to get the next page of results, the pagination token that was returned with the previous set of results. The initial request does not include a pagination token.

type MaxResults:

integer

param MaxResults:

The maximum number of compliance standard controls to return.

rtype:

dict

returns:

Response Syntax

{
    'Controls': [
        {
            'StandardsControlArn': 'string',
            'ControlStatus': 'ENABLED'|'DISABLED',
            'DisabledReason': 'string',
            'ControlStatusUpdatedAt': datetime(2015, 1, 1),
            'ControlId': 'string',
            'Title': 'string',
            'Description': 'string',
            'RemediationUrl': 'string',
            'SeverityRating': 'LOW'|'MEDIUM'|'HIGH'|'CRITICAL'
        },
    ],
    'NextToken': 'string'
}

Response Structure

(dict) --
- Controls (list) --
  
  A list of compliance standards controls.
  - (dict) --
    
    Details for an individual compliance standard control.
    - StandardsControlArn (string) --
      
      The ARN of the compliance standard control.
    - ControlStatus (string) --
      
      The current status of the compliance standard control. Indicates whether the control is enabled or disabled. Security Hub does not check against disabled controls.
    - DisabledReason (string) --
      
      The reason provided for the most recent change in status for the control.
    - ControlStatusUpdatedAt (datetime) --
      
      The date and time that the status of the compliance standard control was most recently updated.
    - ControlId (string) --
      
      The identifier of the compliance standard control.
    - Title (string) --
      
      The title of the compliance standard control.
    - Description (string) --
      
      The longer description of the compliance standard control. Provides information about what the control is checking for.
    - RemediationUrl (string) --
      
      A link to remediation information for the control in the Security Hub user documentation
    - SeverityRating (string) --
      
      The severity of findings generated from this compliance standard control.
      
      The finding severity is based on an assessment of how easy it would be to compromise AWS resources if the compliance issue is detected.
- NextToken (string) --
  
  If there are more compliance standards control remaining in the results, then this is the pagination token to use to request the next page of compliance standard controls.