AWS cli documentation change
Summary
Updated API documentation for Security Hub's GetResourcesStatisticsV2 command, including field name capitalization changes, API preview status update, and added nested composite filters documentation
Security assessment
The changes primarily document enhanced filtering capabilities (StringFilters, DateFilters, NumberFilters, MapFilters) for security findings analysis. While these improvements help users better query security data, there is no evidence of addressing a specific vulnerability. The changes add documentation about security feature usage but don't patch a security flaw.
Diff
diff --git a/cli/latest/reference/securityhub/get-resources-statistics-v2.md b/cli/latest/reference/securityhub/get-resources-statistics-v2.md index bcbae20e7..9f6174a10 100644 --- a//cli/latest/reference/securityhub/get-resources-statistics-v2.md +++ b//cli/latest/reference/securityhub/get-resources-statistics-v2.md @@ -15 +15 @@ - * [AWS CLI 2.31.21 Command Reference](../../index.html) » + * [AWS CLI 2.31.23 Command Reference](../../index.html) » @@ -59 +59 @@ First time using the AWS CLI? See the [User Guide](https://docs.aws.amazon.com/c -Retrieves statistical information about Amazon Web Services resources and their associated security findings. This API is in private preview and subject to change. +Retrieves statistical information about Amazon Web Services resources and their associated security findings. This API is in public preview and subject to change. @@ -108,6 +108,6 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi ->>> * `account_id` ->>> * `region` ->>> * `resource_category` ->>> * `resource_type` ->>> * `resource_name` ->>> * `findings_summary.finding_type` +>>> * `AccountId` +>>> * `Region` +>>> * `ResourceCategory` +>>> * `ResourceType` +>>> * `ResourceName` +>>> * `FindingsSummary.FindingType` @@ -143,9 +143,9 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi ->>>>>>>> * `resource_arn` ->>>>>>>> * `resource_id` ->>>>>>>> * `account_id` ->>>>>>>> * `region` ->>>>>>>> * `resource_category` ->>>>>>>> * `resource_type` ->>>>>>>> * `resource_name` ->>>>>>>> * `findings_summary.finding_type` ->>>>>>>> * `findings_summary.product_name` +>>>>>>>> * `ResourceGuid` +>>>>>>>> * `ResourceId` +>>>>>>>> * `AccountId` +>>>>>>>> * `Region` +>>>>>>>> * `ResourceCategory` +>>>>>>>> * `ResourceType` +>>>>>>>> * `ResourceName` +>>>>>>>> * `FindingsSummary.FindingType` +>>>>>>>> * `FindingsSummary.ProductName` @@ -234,2 +234,2 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi ->>>>>>>> * `resource_detail_capture_time_dt` ->>>>>>>> * `resource_creation_time_dt` +>>>>>>>> * `ResourceDetailCaptureTime` +>>>>>>>> * `ResourceCreationTime` @@ -299,9 +299,9 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi ->>>>>>>> * `findings_summary.total_findings` ->>>>>>>> * `findings_summary.severities.other` ->>>>>>>> * `findings_summary.severities.fatal` ->>>>>>>> * `findings_summary.severities.critical` ->>>>>>>> * `findings_summary.severities.high` ->>>>>>>> * `findings_summary.severities.medium` ->>>>>>>> * `findings_summary.severities.low` ->>>>>>>> * `findings_summary.severities.informational` ->>>>>>>> * `findings_summary.severities.unknown` +>>>>>>>> * `FindingsSummary.TotalFindings` +>>>>>>>> * `FindingsSummary.Severities.Other` +>>>>>>>> * `FindingsSummary.Severities.Fatal` +>>>>>>>> * `FindingsSummary.Severities.Critical` +>>>>>>>> * `FindingsSummary.Severities.High` +>>>>>>>> * `FindingsSummary.Severities.Medium` +>>>>>>>> * `FindingsSummary.Severities.Low` +>>>>>>>> * `FindingsSummary.Severities.Informational` +>>>>>>>> * `FindingsSummary.Severities.Unknown` @@ -349 +349 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi ->>>>>>>> * `tags` +>>>>>>>> * `ResourceTags` @@ -412,0 +413,304 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi +>>>>> +>>>>> NestedCompositeFilters -> (list) +>>>>> +>>>>>> Provides an additional level of filtering, creating a three-layer nested structure. The first layer is a `CompositeFilters` array with a `CompositeOperator` (`AND` /`OR` ). The second layer is a `CompositeFilter` object that contains direct filters and `NestedCompositeFilters` . The third layer is `NestedCompositeFilters` , which contains additional filter conditions. +>>>>>> +>>>>>> (structure) +>>>>>> +>>>>>>> Enables the creation of criteria for Amazon Web Services resources in Security Hub. +>>>>>>> +>>>>>>> StringFilters -> (list) +>>>>>>> +>>>>>>>> Enables filtering based on string field values. +>>>>>>>> +>>>>>>>> (structure) +>>>>>>>> +>>>>>>>>> Enables filtering of Amazon Web Services resources based on string field values. +>>>>>>>>> +>>>>>>>>> FieldName -> (string) +>>>>>>>>> +>>>>>>>>>> The name of the field. +>>>>>>>>>> +>>>>>>>>>> Possible values: +>>>>>>>>>> +>>>>>>>>>> * `ResourceGuid` +>>>>>>>>>> * `ResourceId` +>>>>>>>>>> * `AccountId` +>>>>>>>>>> * `Region` +>>>>>>>>>> * `ResourceCategory` +>>>>>>>>>> * `ResourceType` +>>>>>>>>>> * `ResourceName` +>>>>>>>>>> * `FindingsSummary.FindingType` +>>>>>>>>>> * `FindingsSummary.ProductName` +>>>>>>>>>> + +>>>>>>>>> +>>>>>>>>> Filter -> (structure) +>>>>>>>>> +>>>>>>>>>> A string filter for filtering Security Hub findings. +>>>>>>>>>> +>>>>>>>>>> Value -> (string) +>>>>>>>>>> +>>>>>>>>>>> The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is `Security Hub` . If you provide `security hub` as the filter value, there’s no match. +>>>>>>>>>>> +>>>>>>>>>>> Constraints: +>>>>>>>>>>> +>>>>>>>>>>> * pattern: `.*\S.*` +>>>>>>>>>>> + +>>>>>>>>>> +>>>>>>>>>> Comparison -> (string) +>>>>>>>>>> +>>>>>>>>>>> The condition to apply to a string value when filtering Security Hub findings. +>>>>>>>>>>> +>>>>>>>>>>> To search for values that have the filter value, use one of the following comparison operators: +>>>>>>>>>>> +>>>>>>>>>>> * To search for values that include the filter value, use `CONTAINS` . For example, the filter `Title CONTAINS CloudFront` matches findings that have a `Title` that includes the string CloudFront. +>>>>>>>>>>> * To search for values that exactly match the filter value, use `EQUALS` . For example, the filter `AwsAccountId EQUALS 123456789012` only matches findings that have an account ID of `123456789012` . +>>>>>>>>>>> * To search for values that start with the filter value, use `PREFIX` . For example, the filter `ResourceRegion PREFIX us` matches findings that have a `ResourceRegion` that starts with `us` . A `ResourceRegion` that starts with a different value, such as `af` , `ap` , or `ca` , doesn’t match. +>>>>>>>>>>> + +>>>>>>>>>>> +>>>>>>>>>>>> `CONTAINS` , `EQUALS` , and `PREFIX` filters on the same field are joined by `OR` . A finding matches if it matches any one of those filters. For example, the filters `Title CONTAINS CloudFront OR Title CONTAINS CloudWatch` match a finding that includes either `CloudFront` , `CloudWatch` , or both strings in the title. +>>>>>>>>>>> +>>>>>>>>>>> To search for values that don’t have the filter value, use one of the following comparison operators: +>>>>>>>>>>> +>>>>>>>>>>> * To search for values that exclude the filter value, use `NOT_CONTAINS` . For example, the filter `Title NOT_CONTAINS CloudFront` matches findings that have a `Title` that excludes the string CloudFront. +>>>>>>>>>>> * To search for values other than the filter value, use `NOT_EQUALS` . For example, the filter `AwsAccountId NOT_EQUALS 123456789012` only matches findings that have an account ID other than `123456789012` . +>>>>>>>>>>> * To search for values that don’t start with the filter value, use `PREFIX_NOT_EQUALS` . For example, the filter `ResourceRegion PREFIX_NOT_EQUALS us` matches findings with a `ResourceRegion` that starts with a value other than `us` . +>>>>>>>>>>> + +>>>>>>>>>>> +>>>>>>>>>>>> `NOT_CONTAINS` , `NOT_EQUALS` , and `PREFIX_NOT_EQUALS` filters on the same field are joined by `AND` . A finding matches only if it matches all of those filters. For example, the filters `Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch` match a finding that excludes both `CloudFront` and `CloudWatch` in the title. +>>>>>>>>>>> +>>>>>>>>>>> You can’t have both a `CONTAINS` filter and a `NOT_CONTAINS` filter on the same field. Similarly, you can’t provide both an `EQUALS` filter and a `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filter on the same field. Combining filters in this way returns an error. `CONTAINS` filters can only be used with other `CONTAINS` filters. `NOT_CONTAINS` filters can only be used with other `NOT_CONTAINS` filters. +>>>>>>>>>>> +>>>>>>>>>>> You can combine `PREFIX` filters with `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters for the same field. Security Hub first processes the `PREFIX` filters, and then the `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters. +>>>>>>>>>>> +>>>>>>>>>>> For example, for the following filters, Security Hub first identifies findings that have resource types that start with either `AwsIam` or `AwsEc2` . It then excludes findings that have a resource type of `AwsIamPolicy` and findings that have a resource type of `AwsEc2NetworkInterface` . +>>>>>>>>>>> +>>>>>>>>>>> * `ResourceType PREFIX AwsIam` +>>>>>>>>>>> * `ResourceType PREFIX AwsEc2` +>>>>>>>>>>> * `ResourceType NOT_EQUALS AwsIamPolicy` +>>>>>>>>>>> * `ResourceType NOT_EQUALS AwsEc2NetworkInterface` +>>>>>>>>>>> + +>>>>>>>>>>> +>>>>>>>>>>>> `CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules V1. `CONTAINS_WORD` operator is only supported in `GetFindingsV2` , `GetFindingStatisticsV2` , `GetResourcesV2` , and `GetResourceStatisticsV2` APIs. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the _Security Hub User Guide_ . +>>>>>>>>>>> +>>>>>>>>>>> Possible values: +>>>>>>>>>>> +>>>>>>>>>>> * `EQUALS` +>>>>>>>>>>> * `PREFIX` +>>>>>>>>>>> * `NOT_EQUALS` +>>>>>>>>>>> * `PREFIX_NOT_EQUALS` +>>>>>>>>>>> * `CONTAINS` +>>>>>>>>>>> * `NOT_CONTAINS` +>>>>>>>>>>> * `CONTAINS_WORD` +>>>>>>>>>>> + +>>>>>>> +>>>>>>> DateFilters -> (list) +>>>>>>> +>>>>>>>> Enables filtering based on date and timestamp field values. +>>>>>>>> +>>>>>>>> (structure) +>>>>>>>> +>>>>>>>>> Enables the filtering of Amazon Web Services resources based on date and timestamp attributes. +>>>>>>>>> +>>>>>>>>> FieldName -> (string) +>>>>>>>>> +>>>>>>>>>> The name of the field. +>>>>>>>>>> +>>>>>>>>>> Possible values: +>>>>>>>>>> +>>>>>>>>>> * `ResourceDetailCaptureTime` +>>>>>>>>>> * `ResourceCreationTime` +>>>>>>>>>> + +>>>>>>>>> +>>>>>>>>> Filter -> (structure) +>>>>>>>>> +>>>>>>>>>> A date filter for querying findings. +>>>>>>>>>> +>>>>>>>>>> Start -> (string) +>>>>>>>>>> +>>>>>>>>>>> A timestamp that provides the start date for the date filter. +>>>>>>>>>>> +>>>>>>>>>>> For more information about the validation and formatting of timestamp fields in Security Hub, see [Timestamps](https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps) . +>>>>>>>>>>> +>>>>>>>>>>> Constraints: