AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2026-02-28 · Documentation low

File: cli/latest/reference/securityhub/get-finding-statistics-v2.md

Summary

Updated CLI reference documentation for Security Hub CSPM filtering capabilities, added --cli-error-format parameter, and expanded GroupByField options

Security assessment

Changes primarily update product references from 'Security Hub' to 'Security Hub CSPM', add error formatting options, and expand filtering fields. While CSPM relates to cloud security posture management, these changes appear to be documentation clarifications and feature enhancements rather than addressing specific vulnerabilities or adding new security capabilities.

Diff

diff --git a/cli/latest/reference/securityhub/get-finding-statistics-v2.md b/cli/latest/reference/securityhub/get-finding-statistics-v2.md
index c8073ccff..141691017 100644
--- a//cli/latest/reference/securityhub/get-finding-statistics-v2.md
+++ b//cli/latest/reference/securityhub/get-finding-statistics-v2.md
@@ -15 +15 @@
-  * [AWS CLI 2.33.29 Command Reference](../../index.html) »
+  * [AWS CLI 2.34.0 Command Reference](../../index.html) »
@@ -89,0 +90 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi
+    [--cli-error-format <value>]
@@ -204 +205 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi
->>>>>>>> A string filter for filtering Security Hub findings.
+>>>>>>>> A string filter for filtering Security Hub CSPM findings.
@@ -208 +209 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi
->>>>>>>>> The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is `Security Hub` . If you provide `security hub` as the filter value, there’s no match.
+>>>>>>>>> The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is `Security Hub CSPM` . If you provide `security hub` as the filter value, there’s no match.
@@ -218 +219 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi
->>>>>>>>> The condition to apply to a string value when filtering Security Hub findings.
+>>>>>>>>> The condition to apply to a string value when filtering Security Hub CSPM findings.
@@ -242 +243 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi
->>>>>>>>> You can combine `PREFIX` filters with `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters for the same field. Security Hub first processes the `PREFIX` filters, and then the `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters.
+>>>>>>>>> You can combine `PREFIX` filters with `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters for the same field. Security Hub CSPM first processes the `PREFIX` filters, and then the `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters.
@@ -244 +245 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi
->>>>>>>>> For example, for the following filters, Security Hub first identifies findings that have resource types that start with either `AwsIam` or `AwsEc2` . It then excludes findings that have a resource type of `AwsIamPolicy` and findings that have a resource type of `AwsEc2NetworkInterface` .
+>>>>>>>>> For example, for the following filters, Security Hub CSPM first identifies findings that have resource types that start with either `AwsIam` or `AwsEc2` . It then excludes findings that have a resource type of `AwsIamPolicy` and findings that have a resource type of `AwsEc2NetworkInterface` .
@@ -253 +254 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi
->>>>>>>>>> `CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules V1. `CONTAINS_WORD` operator is only supported in `GetFindingsV2` , `GetFindingStatisticsV2` , `GetResourcesV2` , and `GetResourceStatisticsV2` APIs. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the _Security Hub User Guide_ .
+>>>>>>>>>> `CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules V1. `CONTAINS_WORD` operator is only supported in `GetFindingsV2` , `GetFindingStatisticsV2` , `GetResourcesV2` , and `GetResourceStatisticsV2` APIs. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the _Security Hub CSPM User Guide_ .
@@ -299 +300 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi
->>>>>>>>> For more information about the validation and formatting of timestamp fields in Security Hub, see [Timestamps](https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps) .
+>>>>>>>>> For more information about the validation and formatting of timestamp fields in Security Hub CSPM, see [Timestamps](https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps) .
@@ -311 +312 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi
->>>>>>>>> For more information about the validation and formatting of timestamp fields in Security Hub, see [Timestamps](https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps) .
+>>>>>>>>> For more information about the validation and formatting of timestamp fields in Security Hub CSPM, see [Timestamps](https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps) .
@@ -443 +444 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi
->>>>>>>> A map filter for filtering Security Hub findings. Each map filter provides the field to check for, the value to check for, and the comparison operator.
+>>>>>>>> A map filter for filtering Security Hub CSPM findings. Each map filter provides the field to check for, the value to check for, and the comparison operator.
@@ -467 +468 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi
->>>>>>>>> The condition to apply to the key value when filtering Security Hub findings with a map filter.
+>>>>>>>>> The condition to apply to the key value when filtering Security Hub CSPM findings with a map filter.
@@ -491 +492 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi
->>>>>>>>>> `CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the _Security Hub User Guide_ .
+>>>>>>>>>> `CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the _Security Hub CSPM User Guide_ .
@@ -633 +634 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi
->>>>>>>>>> A string filter for filtering Security Hub findings.
+>>>>>>>>>> A string filter for filtering Security Hub CSPM findings.
@@ -637 +638 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi
->>>>>>>>>>> The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is `Security Hub` . If you provide `security hub` as the filter value, there’s no match.
+>>>>>>>>>>> The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is `Security Hub CSPM` . If you provide `security hub` as the filter value, there’s no match.
@@ -647 +648 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi
->>>>>>>>>>> The condition to apply to a string value when filtering Security Hub findings.
+>>>>>>>>>>> The condition to apply to a string value when filtering Security Hub CSPM findings.
@@ -671 +672 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi
->>>>>>>>>>> You can combine `PREFIX` filters with `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters for the same field. Security Hub first processes the `PREFIX` filters, and then the `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters.
+>>>>>>>>>>> You can combine `PREFIX` filters with `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters for the same field. Security Hub CSPM first processes the `PREFIX` filters, and then the `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters.
@@ -673 +674 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi
->>>>>>>>>>> For example, for the following filters, Security Hub first identifies findings that have resource types that start with either `AwsIam` or `AwsEc2` . It then excludes findings that have a resource type of `AwsIamPolicy` and findings that have a resource type of `AwsEc2NetworkInterface` .
+>>>>>>>>>>> For example, for the following filters, Security Hub CSPM first identifies findings that have resource types that start with either `AwsIam` or `AwsEc2` . It then excludes findings that have a resource type of `AwsIamPolicy` and findings that have a resource type of `AwsEc2NetworkInterface` .
@@ -682 +683 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi
->>>>>>>>>>>> `CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules V1. `CONTAINS_WORD` operator is only supported in `GetFindingsV2` , `GetFindingStatisticsV2` , `GetResourcesV2` , and `GetResourceStatisticsV2` APIs. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the _Security Hub User Guide_ .
+>>>>>>>>>>>> `CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules V1. `CONTAINS_WORD` operator is only supported in `GetFindingsV2` , `GetFindingStatisticsV2` , `GetResourcesV2` , and `GetResourceStatisticsV2` APIs. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the _Security Hub CSPM User Guide_ .
@@ -728 +729 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi
->>>>>>>>>>> For more information about the validation and formatting of timestamp fields in Security Hub, see [Timestamps](https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps) .
+>>>>>>>>>>> For more information about the validation and formatting of timestamp fields in Security Hub CSPM, see [Timestamps](https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps) .
@@ -740 +741 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi
->>>>>>>>>>> For more information about the validation and formatting of timestamp fields in Security Hub, see [Timestamps](https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps) .
+>>>>>>>>>>> For more information about the validation and formatting of timestamp fields in Security Hub CSPM, see [Timestamps](https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps) .
@@ -872 +873 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi
->>>>>>>>>> A map filter for filtering Security Hub findings. Each map filter provides the field to check for, the value to check for, and the comparison operator.
+>>>>>>>>>> A map filter for filtering Security Hub CSPM findings. Each map filter provides the field to check for, the value to check for, and the comparison operator.
@@ -896 +897 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi
->>>>>>>>>>> The condition to apply to the key value when filtering Security Hub findings with a map filter.
+>>>>>>>>>>> The condition to apply to the key value when filtering Security Hub CSPM findings with a map filter.
@@ -920 +921 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi
->>>>>>>>>>>> `CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the _Security Hub User Guide_ .
+>>>>>>>>>>>> `CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the _Security Hub CSPM User Guide_ .
@@ -1025,0 +1027 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi
+>>>   * `metadata.product.vendor_name`
@@ -1182 +1184 @@ JSON Syntax:
-        "GroupByField": "activity_name"|"cloud.account.uid"|"cloud.provider"|"cloud.region"|"compliance.assessments.name"|"compliance.status"|"compliance.control"|"finding_info.title"|"finding_info.related_events.traits.category"|"finding_info.types"|"metadata.product.name"|"metadata.product.uid"|"resources.type"|"resources.uid"|"severity"|"status"|"vulnerabilities.fix_coverage"|"class_name"|"vulnerabilities.affected_packages.name"|"finding_info.analytic.name"|"compliance.standards"|"cloud.account.name"|"vendor_attributes.severity"
+        "GroupByField": "activity_name"|"cloud.account.uid"|"cloud.provider"|"cloud.region"|"compliance.assessments.name"|"compliance.status"|"compliance.control"|"finding_info.title"|"finding_info.related_events.traits.category"|"finding_info.types"|"metadata.product.name"|"metadata.product.uid"|"resources.type"|"resources.uid"|"severity"|"status"|"vulnerabilities.fix_coverage"|"class_name"|"vulnerabilities.affected_packages.name"|"finding_info.analytic.name"|"compliance.standards"|"cloud.account.name"|"vendor_attributes.severity"|"metadata.product.vendor_name"
@@ -1240,0 +1243 @@ The formatting style for command output.
+  * off
@@ -1306,0 +1310,13 @@ Disable automatically prompt for CLI input parameters.
+`--cli-error-format` (string)
+
+The formatting style for error output. By default, errors are displayed in enhanced format.
+
+  * legacy
+  * json
+  * yaml
+  * text
+  * table
+  * enhanced
+
+
+
@@ -1359 +1375 @@ GroupByResults -> (list)
-  * [AWS CLI 2.33.29 Command Reference](../../index.html) »
+  * [AWS CLI 2.34.0 Command Reference](../../index.html) »