AWS SecurityHub

2020/02/14 - AWS SecurityHub - 1 new 1 updated api methods

Changes  Security Hub has released a new DescribeStandards API action. This API action allows a customer to list all of the standards available in an account. For each standard, the list provides the customer with the standard name, description, and ARN. Customers can use the ARN as an input to the BatchEnableStandards API action. To learn more, visit our API documentation.

DescribeStandards (new) Link ¶

Returns a list of the available standards in Security Hub.

For each standard, the results include the standard ARN, the name, and a description.

See also: AWS API Documentation

Request Syntax

client.describe_standards(
    NextToken='string',
    MaxResults=123
)
type NextToken

string

param NextToken

The token that is required for pagination. On your first call to the DescribeStandards operation, set the value of this parameter to NULL .

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

type MaxResults

integer

param MaxResults

The maximum number of standards to return.

rtype

dict

returns

Response Syntax

{
    'Standards': [
        {
            'StandardsArn': 'string',
            'Name': 'string',
            'Description': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Standards (list) --

      A list of available standards.

      • (dict) --

        Provides information about a specific standard.

        • StandardsArn (string) --

          The ARN of a standard.

        • Name (string) --

          The name of the standard.

        • Description (string) --

          A description of the standard.

    • NextToken (string) --

      The pagination token to use to request the next page of results.

DescribeStandardsControls (updated) Link ¶
Changes (response) 
{'Controls': {'RelatedRequirements': ['string']}}

Returns a list of compliance standards controls.

For each control, the results include information about whether it is currently enabled, the severity, and a link to remediation information.

See also: AWS API Documentation

Request Syntax

client.describe_standards_controls(
    StandardsSubscriptionArn='string',
    NextToken='string',
    MaxResults=123
)
type StandardsSubscriptionArn

string

param StandardsSubscriptionArn

[REQUIRED]

The ARN of a resource that represents your subscription to a supported standard.

type NextToken

string

param NextToken

The token that is required for pagination. On your first call to the DescribeStandardsControls operation, set the value of this parameter to NULL .

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

type MaxResults

integer

param MaxResults

The maximum number of compliance standard controls to return.

rtype

dict

returns

Response Syntax

{
    'Controls': [
        {
            'StandardsControlArn': 'string',
            'ControlStatus': 'ENABLED'|'DISABLED',
            'DisabledReason': 'string',
            'ControlStatusUpdatedAt': datetime(2015, 1, 1),
            'ControlId': 'string',
            'Title': 'string',
            'Description': 'string',
            'RemediationUrl': 'string',
            'SeverityRating': 'LOW'|'MEDIUM'|'HIGH'|'CRITICAL',
            'RelatedRequirements': [
                'string',
            ]
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Controls (list) --

      A list of compliance standards controls.

      • (dict) --

        Details for an individual compliance standard control.

        • StandardsControlArn (string) --

          The ARN of the compliance standard control.

        • ControlStatus (string) --

          The current status of the compliance standard control. Indicates whether the control is enabled or disabled. Security Hub does not check against disabled controls.

        • DisabledReason (string) --

          The reason provided for the most recent change in status for the control.

        • ControlStatusUpdatedAt (datetime) --

          The date and time that the status of the compliance standard control was most recently updated.

        • ControlId (string) --

          The identifier of the compliance standard control.

        • Title (string) --

          The title of the compliance standard control.

        • Description (string) --

          The longer description of the compliance standard control. Provides information about what the control is checking for.

        • RemediationUrl (string) --

          A link to remediation information for the control in the Security Hub user documentation.

        • SeverityRating (string) --

          The severity of findings generated from this compliance standard control.

          The finding severity is based on an assessment of how easy it would be to compromise AWS resources if the compliance issue is detected.

        • RelatedRequirements (list) --

          The list of requirements that are related to this control.

          • (string) --

    • NextToken (string) --

      The pagination token to use to request the next page of results.