AWS cli documentation change
Summary
Updated documentation for Security Hub automation rules V2 with expanded filterable fields, nested composite filters, IP filtering capabilities, and transition from private to public preview
Security assessment
Added numerous security-related filtering fields including encryption details, malware attributes, vulnerability tracking (CVE IDs, EPSS scores), and network evidence analysis. While these enhance security monitoring capabilities, there's no evidence of addressing a specific disclosed vulnerability
Diff
diff --git a/cli/latest/reference/securityhub/update-automation-rule-v2.md b/cli/latest/reference/securityhub/update-automation-rule-v2.md index 1b393b374..76869ab28 100644 --- a//cli/latest/reference/securityhub/update-automation-rule-v2.md +++ b//cli/latest/reference/securityhub/update-automation-rule-v2.md @@ -15 +15 @@ - * [AWS CLI 2.31.21 Command Reference](../../index.html) » + * [AWS CLI 2.31.23 Command Reference](../../index.html) » @@ -59 +59 @@ First time using the AWS CLI? See the [User Guide](https://docs.aws.amazon.com/c -Updates a V2 automation rule. This API is in private preview and subject to change. +Updates a V2 automation rule. This API is in public preview and subject to change. @@ -215,0 +216,37 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi +>>>>>>> * `databucket.encryption_details.algorithm` +>>>>>>> * `databucket.encryption_details.key_uid` +>>>>>>> * `databucket.file.data_classifications.classifier_details.type` +>>>>>>> * `evidences.actor.user.account.uid` +>>>>>>> * `evidences.api.operation` +>>>>>>> * `evidences.api.response.error_message` +>>>>>>> * `evidences.api.service.name` +>>>>>>> * `evidences.connection_info.direction` +>>>>>>> * `evidences.connection_info.protocol_name` +>>>>>>> * `evidences.dst_endpoint.autonomous_system.name` +>>>>>>> * `evidences.dst_endpoint.location.city` +>>>>>>> * `evidences.dst_endpoint.location.country` +>>>>>>> * `evidences.src_endpoint.autonomous_system.name` +>>>>>>> * `evidences.src_endpoint.hostname` +>>>>>>> * `evidences.src_endpoint.location.city` +>>>>>>> * `evidences.src_endpoint.location.country` +>>>>>>> * `finding_info.analytic.name` +>>>>>>> * `malware.name` +>>>>>>> * `malware_scan_info.uid` +>>>>>>> * `malware.severity` +>>>>>>> * `resources.cloud_function.layers.uid_alt` +>>>>>>> * `resources.cloud_function.runtime` +>>>>>>> * `resources.cloud_function.user.uid` +>>>>>>> * `resources.device.encryption_details.key_uid` +>>>>>>> * `resources.device.image.uid` +>>>>>>> * `resources.image.architecture` +>>>>>>> * `resources.image.registry_uid` +>>>>>>> * `resources.image.repository_name` +>>>>>>> * `resources.image.uid` +>>>>>>> * `resources.subnet_info.uid` +>>>>>>> * `resources.vpc_uid` +>>>>>>> * `vulnerabilities.affected_code.file.path` +>>>>>>> * `vulnerabilities.affected_packages.name` +>>>>>>> * `vulnerabilities.cve.epss.score` +>>>>>>> * `vulnerabilities.cve.uid` +>>>>>>> * `vulnerabilities.related_vulnerabilities` +>>>>>>> * `cloud.account.name` @@ -301,0 +339,3 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi +>>>>>>> * `resources.image.created_time_dt` +>>>>>>> * `resources.image.last_used_time_dt` +>>>>>>> * `resources.modified_time_dt` @@ -398,0 +439,6 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi +>>>>>>> * `evidences.api.response.code` +>>>>>>> * `evidences.dst_endpoint.autonomous_system.number` +>>>>>>> * `evidences.dst_endpoint.port` +>>>>>>> * `evidences.src_endpoint.autonomous_system.number` +>>>>>>> * `evidences.src_endpoint.port` +>>>>>>> * `resources.image.in_use_count` @@ -440,0 +487,3 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi +>>>>>>> * `compliance.control_parameters` +>>>>>>> * `databucket.tags` +>>>>>>> * `finding_info.tags` @@ -503,0 +553,469 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi +>>>> +>>>> IpFilters -> (list) +>>>> +>>>>> A list of IP address filters that allowing you to filter findings based on IP address properties. +>>>>> +>>>>> (structure) +>>>>> +>>>>>> The structure for filtering findings based on IP address attributes. +>>>>>> +>>>>>> FieldName -> (string) +>>>>>> +>>>>>>> The name of the IP address field to filter on. +>>>>>>> +>>>>>>> Possible values: +>>>>>>> +>>>>>>> * `evidences.dst_endpoint.ip` +>>>>>>> * `evidences.src_endpoint.ip` +>>>>>>> + +>>>>>> +>>>>>> Filter -> (structure) +>>>>>> +>>>>>>> The IP filter for querying findings. +>>>>>>> +>>>>>>> Cidr -> (string) +>>>>>>> +>>>>>>>> A finding’s CIDR value. +>>>>>>>> +>>>>>>>> Constraints: +>>>>>>>> +>>>>>>>> * pattern: `.*\S.*` +>>>>>>>> + +>>>> +>>>> NestedCompositeFilters -> (list) +>>>> +>>>>> Provides an additional level of filtering, creating a three-layer nested structure. The first layer is a `CompositeFilters` array with a `CompositeOperator` (`AND` /`OR` ). The second layer is a `CompositeFilter` object that contains direct filters and `NestedCompositeFilters` . The third layer is `NestedCompositeFilters` , which contains additional filter conditions. +>>>>> +>>>>> (structure) +>>>>> +>>>>>> Enables the creation of filtering criteria for security findings. +>>>>>> +>>>>>> StringFilters -> (list) +>>>>>> +>>>>>>> Enables filtering based on string field values. +>>>>>>> +>>>>>>> (structure) +>>>>>>> +>>>>>>>> Enables filtering of security findings based on string field values in OCSF. +>>>>>>>> +>>>>>>>> FieldName -> (string) +>>>>>>>> +>>>>>>>>> The name of the field. +>>>>>>>>> +>>>>>>>>> Possible values: +>>>>>>>>> +>>>>>>>>> * `metadata.uid` +>>>>>>>>> * `activity_name` +>>>>>>>>> * `cloud.account.uid` +>>>>>>>>> * `cloud.provider` +>>>>>>>>> * `cloud.region` +>>>>>>>>> * `compliance.assessments.category` +>>>>>>>>> * `compliance.assessments.name` +>>>>>>>>> * `compliance.control` +>>>>>>>>> * `compliance.status` +>>>>>>>>> * `compliance.standards` +>>>>>>>>> * `finding_info.desc` +>>>>>>>>> * `finding_info.src_url` +>>>>>>>>> * `finding_info.title` +>>>>>>>>> * `finding_info.types` +>>>>>>>>> * `finding_info.uid` +>>>>>>>>> * `finding_info.related_events.uid` +>>>>>>>>> * `finding_info.related_events.product.uid` +>>>>>>>>> * `finding_info.related_events.title` +>>>>>>>>> * `metadata.product.name` +>>>>>>>>> * `metadata.product.uid` +>>>>>>>>> * `metadata.product.vendor_name` +>>>>>>>>> * `remediation.desc` +>>>>>>>>> * `remediation.references` +>>>>>>>>> * `resources.cloud_partition` +>>>>>>>>> * `resources.region` +>>>>>>>>> * `resources.type` +>>>>>>>>> * `resources.uid` +>>>>>>>>> * `severity` +>>>>>>>>> * `status` +>>>>>>>>> * `comment` +>>>>>>>>> * `vulnerabilities.fix_coverage` +>>>>>>>>> * `class_name` +>>>>>>>>> * `databucket.encryption_details.algorithm` +>>>>>>>>> * `databucket.encryption_details.key_uid` +>>>>>>>>> * `databucket.file.data_classifications.classifier_details.type` +>>>>>>>>> * `evidences.actor.user.account.uid` +>>>>>>>>> * `evidences.api.operation` +>>>>>>>>> * `evidences.api.response.error_message` +>>>>>>>>> * `evidences.api.service.name` +>>>>>>>>> * `evidences.connection_info.direction` +>>>>>>>>> * `evidences.connection_info.protocol_name` +>>>>>>>>> * `evidences.dst_endpoint.autonomous_system.name` +>>>>>>>>> * `evidences.dst_endpoint.location.city` +>>>>>>>>> * `evidences.dst_endpoint.location.country` +>>>>>>>>> * `evidences.src_endpoint.autonomous_system.name` +>>>>>>>>> * `evidences.src_endpoint.hostname` +>>>>>>>>> * `evidences.src_endpoint.location.city` +>>>>>>>>> * `evidences.src_endpoint.location.country` +>>>>>>>>> * `finding_info.analytic.name` +>>>>>>>>> * `malware.name` +>>>>>>>>> * `malware_scan_info.uid` +>>>>>>>>> * `malware.severity` +>>>>>>>>> * `resources.cloud_function.layers.uid_alt` +>>>>>>>>> * `resources.cloud_function.runtime` +>>>>>>>>> * `resources.cloud_function.user.uid` +>>>>>>>>> * `resources.device.encryption_details.key_uid` +>>>>>>>>> * `resources.device.image.uid` +>>>>>>>>> * `resources.image.architecture` +>>>>>>>>> * `resources.image.registry_uid` +>>>>>>>>> * `resources.image.repository_name` +>>>>>>>>> * `resources.image.uid` +>>>>>>>>> * `resources.subnet_info.uid` +>>>>>>>>> * `resources.vpc_uid` +>>>>>>>>> * `vulnerabilities.affected_code.file.path` +>>>>>>>>> * `vulnerabilities.affected_packages.name` +>>>>>>>>> * `vulnerabilities.cve.epss.score` +>>>>>>>>> * `vulnerabilities.cve.uid` +>>>>>>>>> * `vulnerabilities.related_vulnerabilities` +>>>>>>>>> * `cloud.account.name` +>>>>>>>>> + +>>>>>>>> +>>>>>>>> Filter -> (structure) +>>>>>>>> +>>>>>>>>> A string filter for filtering Security Hub findings. +>>>>>>>>> +>>>>>>>>> Value -> (string) +>>>>>>>>> +>>>>>>>>>> The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is `Security Hub` . If you provide `security hub` as the filter value, there’s no match. +>>>>>>>>>>