AWS cli documentation change
Summary
Updated AWS CLI version reference from 2.31.21 to 2.31.23, changed API preview status from private to public, and added extensive new filterable fields including malware severity, vulnerability details (CVE scores, affected packages), encryption details, network evidence fields, and nested composite filters.
Security assessment
The changes primarily document new filtering capabilities for security findings, including fields like malware.severity, vulnerabilities.cve.epss.score, and encryption details. While these enhance security analysis capabilities, there is no evidence of addressing a specific vulnerability or security incident. The updates expand documentation of security-related features rather than patching issues.
Diff
diff --git a/cli/latest/reference/securityhub/get-finding-statistics-v2.md b/cli/latest/reference/securityhub/get-finding-statistics-v2.md index e6d5a08c5..89955be70 100644 --- a//cli/latest/reference/securityhub/get-finding-statistics-v2.md +++ b//cli/latest/reference/securityhub/get-finding-statistics-v2.md @@ -15 +15 @@ - * [AWS CLI 2.31.21 Command Reference](../../index.html) » + * [AWS CLI 2.31.23 Command Reference](../../index.html) » @@ -59 +59 @@ First time using the AWS CLI? See the [User Guide](https://docs.aws.amazon.com/c -Returns aggregated statistical data about findings. `GetFindingStatisticsV2` use `securityhub:GetAdhocInsightResults` in the `Action` element of an IAM policy statement. You must have permission to perform the `s` action. This API is in private preview and subject to change. +Returns aggregated statistical data about findings. `GetFindingStatisticsV2` use `securityhub:GetAdhocInsightResults` in the `Action` element of an IAM policy statement. You must have permission to perform the `s` action. This API is in public preview and subject to change. @@ -159,0 +160,37 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi +>>>>>>>> * `databucket.encryption_details.algorithm` +>>>>>>>> * `databucket.encryption_details.key_uid` +>>>>>>>> * `databucket.file.data_classifications.classifier_details.type` +>>>>>>>> * `evidences.actor.user.account.uid` +>>>>>>>> * `evidences.api.operation` +>>>>>>>> * `evidences.api.response.error_message` +>>>>>>>> * `evidences.api.service.name` +>>>>>>>> * `evidences.connection_info.direction` +>>>>>>>> * `evidences.connection_info.protocol_name` +>>>>>>>> * `evidences.dst_endpoint.autonomous_system.name` +>>>>>>>> * `evidences.dst_endpoint.location.city` +>>>>>>>> * `evidences.dst_endpoint.location.country` +>>>>>>>> * `evidences.src_endpoint.autonomous_system.name` +>>>>>>>> * `evidences.src_endpoint.hostname` +>>>>>>>> * `evidences.src_endpoint.location.city` +>>>>>>>> * `evidences.src_endpoint.location.country` +>>>>>>>> * `finding_info.analytic.name` +>>>>>>>> * `malware.name` +>>>>>>>> * `malware_scan_info.uid` +>>>>>>>> * `malware.severity` +>>>>>>>> * `resources.cloud_function.layers.uid_alt` +>>>>>>>> * `resources.cloud_function.runtime` +>>>>>>>> * `resources.cloud_function.user.uid` +>>>>>>>> * `resources.device.encryption_details.key_uid` +>>>>>>>> * `resources.device.image.uid` +>>>>>>>> * `resources.image.architecture` +>>>>>>>> * `resources.image.registry_uid` +>>>>>>>> * `resources.image.repository_name` +>>>>>>>> * `resources.image.uid` +>>>>>>>> * `resources.subnet_info.uid` +>>>>>>>> * `resources.vpc_uid` +>>>>>>>> * `vulnerabilities.affected_code.file.path` +>>>>>>>> * `vulnerabilities.affected_packages.name` +>>>>>>>> * `vulnerabilities.cve.epss.score` +>>>>>>>> * `vulnerabilities.cve.uid` +>>>>>>>> * `vulnerabilities.related_vulnerabilities` +>>>>>>>> * `cloud.account.name` @@ -245,0 +283,3 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi +>>>>>>>> * `resources.image.created_time_dt` +>>>>>>>> * `resources.image.last_used_time_dt` +>>>>>>>> * `resources.modified_time_dt` @@ -342,0 +383,6 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi +>>>>>>>> * `evidences.api.response.code` +>>>>>>>> * `evidences.dst_endpoint.autonomous_system.number` +>>>>>>>> * `evidences.dst_endpoint.port` +>>>>>>>> * `evidences.src_endpoint.autonomous_system.number` +>>>>>>>> * `evidences.src_endpoint.port` +>>>>>>>> * `resources.image.in_use_count` @@ -384,0 +431,3 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi +>>>>>>>> * `compliance.control_parameters` +>>>>>>>> * `databucket.tags` +>>>>>>>> * `finding_info.tags` @@ -447,0 +497,469 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi +>>>>> +>>>>> IpFilters -> (list) +>>>>> +>>>>>> A list of IP address filters that allowing you to filter findings based on IP address properties. +>>>>>> +>>>>>> (structure) +>>>>>> +>>>>>>> The structure for filtering findings based on IP address attributes. +>>>>>>> +>>>>>>> FieldName -> (string) +>>>>>>> +>>>>>>>> The name of the IP address field to filter on. +>>>>>>>> +>>>>>>>> Possible values: +>>>>>>>> +>>>>>>>> * `evidences.dst_endpoint.ip` +>>>>>>>> * `evidences.src_endpoint.ip` +>>>>>>>> + +>>>>>>> +>>>>>>> Filter -> (structure) +>>>>>>> +>>>>>>>> The IP filter for querying findings. +>>>>>>>> +>>>>>>>> Cidr -> (string) +>>>>>>>> +>>>>>>>>> A finding’s CIDR value. +>>>>>>>>> +>>>>>>>>> Constraints: +>>>>>>>>> +>>>>>>>>> * pattern: `.*\S.*` +>>>>>>>>> + +>>>>> +>>>>> NestedCompositeFilters -> (list) +>>>>> +>>>>>> Provides an additional level of filtering, creating a three-layer nested structure. The first layer is a `CompositeFilters` array with a `CompositeOperator` (`AND` /`OR` ). The second layer is a `CompositeFilter` object that contains direct filters and `NestedCompositeFilters` . The third layer is `NestedCompositeFilters` , which contains additional filter conditions. +>>>>>> +>>>>>> (structure) +>>>>>> +>>>>>>> Enables the creation of filtering criteria for security findings. +>>>>>>> +>>>>>>> StringFilters -> (list) +>>>>>>> +>>>>>>>> Enables filtering based on string field values. +>>>>>>>> +>>>>>>>> (structure) +>>>>>>>> +>>>>>>>>> Enables filtering of security findings based on string field values in OCSF. +>>>>>>>>> +>>>>>>>>> FieldName -> (string) +>>>>>>>>> +>>>>>>>>>> The name of the field. +>>>>>>>>>> +>>>>>>>>>> Possible values: +>>>>>>>>>> +>>>>>>>>>> * `metadata.uid` +>>>>>>>>>> * `activity_name` +>>>>>>>>>> * `cloud.account.uid` +>>>>>>>>>> * `cloud.provider` +>>>>>>>>>> * `cloud.region` +>>>>>>>>>> * `compliance.assessments.category` +>>>>>>>>>> * `compliance.assessments.name` +>>>>>>>>>> * `compliance.control` +>>>>>>>>>> * `compliance.status` +>>>>>>>>>> * `compliance.standards` +>>>>>>>>>> * `finding_info.desc` +>>>>>>>>>> * `finding_info.src_url` +>>>>>>>>>> * `finding_info.title` +>>>>>>>>>> * `finding_info.types` +>>>>>>>>>> * `finding_info.uid` +>>>>>>>>>> * `finding_info.related_events.uid` +>>>>>>>>>> * `finding_info.related_events.product.uid` +>>>>>>>>>> * `finding_info.related_events.title` +>>>>>>>>>> * `metadata.product.name` +>>>>>>>>>> * `metadata.product.uid` +>>>>>>>>>> * `metadata.product.vendor_name` +>>>>>>>>>> * `remediation.desc` +>>>>>>>>>> * `remediation.references` +>>>>>>>>>> * `resources.cloud_partition` +>>>>>>>>>> * `resources.region` +>>>>>>>>>> * `resources.type` +>>>>>>>>>> * `resources.uid` +>>>>>>>>>> * `severity` +>>>>>>>>>> * `status` +>>>>>>>>>> * `comment` +>>>>>>>>>> * `vulnerabilities.fix_coverage` +>>>>>>>>>> * `class_name` +>>>>>>>>>> * `databucket.encryption_details.algorithm` +>>>>>>>>>> * `databucket.encryption_details.key_uid` +>>>>>>>>>> * `databucket.file.data_classifications.classifier_details.type` +>>>>>>>>>> * `evidences.actor.user.account.uid` +>>>>>>>>>> * `evidences.api.operation` +>>>>>>>>>> * `evidences.api.response.error_message` +>>>>>>>>>> * `evidences.api.service.name` +>>>>>>>>>> * `evidences.connection_info.direction` +>>>>>>>>>> * `evidences.connection_info.protocol_name` +>>>>>>>>>> * `evidences.dst_endpoint.autonomous_system.name` +>>>>>>>>>> * `evidences.dst_endpoint.location.city` +>>>>>>>>>> * `evidences.dst_endpoint.location.country` +>>>>>>>>>> * `evidences.src_endpoint.autonomous_system.name` +>>>>>>>>>> * `evidences.src_endpoint.hostname` +>>>>>>>>>> * `evidences.src_endpoint.location.city` +>>>>>>>>>> * `evidences.src_endpoint.location.country` +>>>>>>>>>> * `finding_info.analytic.name` +>>>>>>>>>> * `malware.name` +>>>>>>>>>> * `malware_scan_info.uid` +>>>>>>>>>> * `malware.severity` +>>>>>>>>>> * `resources.cloud_function.layers.uid_alt` +>>>>>>>>>> * `resources.cloud_function.runtime` +>>>>>>>>>> * `resources.cloud_function.user.uid` +>>>>>>>>>> * `resources.device.encryption_details.key_uid` +>>>>>>>>>> * `resources.device.image.uid` +>>>>>>>>>> * `resources.image.architecture` +>>>>>>>>>> * `resources.image.registry_uid` +>>>>>>>>>> * `resources.image.repository_name` +>>>>>>>>>> * `resources.image.uid` +>>>>>>>>>> * `resources.subnet_info.uid` +>>>>>>>>>> * `resources.vpc_uid` +>>>>>>>>>> * `vulnerabilities.affected_code.file.path` +>>>>>>>>>> * `vulnerabilities.affected_packages.name` +>>>>>>>>>> * `vulnerabilities.cve.epss.score` +>>>>>>>>>> * `vulnerabilities.cve.uid` +>>>>>>>>>> * `vulnerabilities.related_vulnerabilities` +>>>>>>>>>> * `cloud.account.name` +>>>>>>>>>> + +>>>>>>>>> +>>>>>>>>> Filter -> (structure) +>>>>>>>>> +>>>>>>>>>> A string filter for filtering Security Hub findings. +>>>>>>>>>> +>>>>>>>>>> Value -> (string) +>>>>>>>>>> +>>>>>>>>>>> The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is `Security Hub` . If you provide `security hub` as the filter value, there’s no match. +>>>>>>>>>>>