AWS cli documentation change
Summary
Added documentation for three new filters (ResourceOwnerAccountId, ResourceOwnerOrgId, ResourceProvider) in Security Hub insights, including detailed descriptions of their Value and Comparison parameters with operator usage rules.
Security assessment
The change documents new filtering capabilities for Security Hub CSPM findings, which is a security feature. However, there's no evidence of addressing a specific vulnerability or incident - it enhances existing security documentation by describing new resource ownership and provider filters.
Diff
diff --git a/cli/latest/reference/securityhub/update-insight.md b/cli/latest/reference/securityhub/update-insight.md index 5c8f2dc16..ad05cf4d4 100644 --- a//cli/latest/reference/securityhub/update-insight.md +++ b//cli/latest/reference/securityhub/update-insight.md @@ -15 +15 @@ - * [AWS CLI 2.35.16 Command Reference](../../index.html) » + * [AWS CLI 2.35.19 Command Reference](../../index.html) » @@ -6412,0 +6413,207 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/securi +> +> ResourceOwnerAccountId -> (list) +> +>> The unique identifier of the account that owns the resource that the finding applies to, for example, Azure Subscription Id or Amazon Web Services Account Id +>> +>> (structure) +>> +>>> A string filter for filtering Security Hub CSPM findings. +>>> +>>> Value -> (string) +>>> +>>>> The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is `Security Hub CSPM` . If you provide `security hub` as the filter value, there’s no match. +>>>> +>>>> Constraints: +>>>> +>>>> * pattern: `.*\S.*` +>>>> + +>>> +>>> Comparison -> (string) +>>> +>>>> The condition to apply to a string value when filtering Security Hub CSPM findings. +>>>> +>>>> To search for values that have the filter value, use one of the following comparison operators: +>>>> +>>>> * To search for values that include the filter value, use `CONTAINS` . For example, the filter `Title CONTAINS CloudFront` matches findings that have a `Title` that includes the string CloudFront. +>>>> * To search for values that exactly match the filter value, use `EQUALS` . For example, the filter `AwsAccountId EQUALS 123456789012` only matches findings that have an account ID of `123456789012` . +>>>> * To search for values that start with the filter value, use `PREFIX` . For example, the filter `ResourceRegion PREFIX us` matches findings that have a `ResourceRegion` that starts with `us` . A `ResourceRegion` that starts with a different value, such as `af` , `ap` , or `ca` , doesn’t match. +>>>> + +>>>> +>>>>> `CONTAINS` , `EQUALS` , and `PREFIX` filters on the same field are joined by `OR` . A finding matches if it matches any one of those filters. For example, the filters `Title CONTAINS CloudFront OR Title CONTAINS CloudWatch` match a finding that includes either `CloudFront` , `CloudWatch` , or both strings in the title. +>>>> +>>>> To search for values that don’t have the filter value, use one of the following comparison operators: +>>>> +>>>> * To search for values that exclude the filter value, use `NOT_CONTAINS` . For example, the filter `Title NOT_CONTAINS CloudFront` matches findings that have a `Title` that excludes the string CloudFront. +>>>> * To search for values other than the filter value, use `NOT_EQUALS` . For example, the filter `AwsAccountId NOT_EQUALS 123456789012` only matches findings that have an account ID other than `123456789012` . +>>>> * To search for values that don’t start with the filter value, use `PREFIX_NOT_EQUALS` . For example, the filter `ResourceRegion PREFIX_NOT_EQUALS us` matches findings with a `ResourceRegion` that starts with a value other than `us` . +>>>> + +>>>> +>>>>> `NOT_CONTAINS` , `NOT_EQUALS` , and `PREFIX_NOT_EQUALS` filters on the same field are joined by `AND` . A finding matches only if it matches all of those filters. For example, the filters `Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch` match a finding that excludes both `CloudFront` and `CloudWatch` in the title. +>>>> +>>>> You can’t have both a `CONTAINS` filter and a `NOT_CONTAINS` filter on the same field. Similarly, you can’t provide both an `EQUALS` filter and a `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filter on the same field. Combining filters in this way returns an error. `CONTAINS` filters can only be used with other `CONTAINS` filters. `NOT_CONTAINS` filters can only be used with other `NOT_CONTAINS` filters. +>>>> +>>>> You can combine `PREFIX` filters with `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters for the same field. Security Hub CSPM first processes the `PREFIX` filters, and then the `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters. +>>>> +>>>> For example, for the following filters, Security Hub CSPM first identifies findings that have resource types that start with either `AwsIam` or `AwsEc2` . It then excludes findings that have a resource type of `AwsIamPolicy` and findings that have a resource type of `AwsEc2NetworkInterface` . +>>>> +>>>> * `ResourceType PREFIX AwsIam` +>>>> * `ResourceType PREFIX AwsEc2` +>>>> * `ResourceType NOT_EQUALS AwsIamPolicy` +>>>> * `ResourceType NOT_EQUALS AwsEc2NetworkInterface` +>>>> + +>>>> +>>>> The `CONTAINS` operator works with automation rules V1 and V2. The `NOT_CONTAINS` operator works only with automation rules V1. The `CONTAINS_WORD` operator works only in the `GetFindingsV2` , `GetFindingStatisticsV2` , `GetResourcesV2` , and `GetResourcesStatisticsV2` APIs. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the _Security Hub CSPM User Guide_ . +>>>> +>>>> Possible values: +>>>> +>>>> * `EQUALS` +>>>> * `PREFIX` +>>>> * `NOT_EQUALS` +>>>> * `PREFIX_NOT_EQUALS` +>>>> * `CONTAINS` +>>>> * `NOT_CONTAINS` +>>>> * `CONTAINS_WORD` +>>>> + +> +> ResourceOwnerOrgId -> (list) +> +>> The unique identifier of the organization that owns the resource that the finding applies to, for example, Azure Tenant Id +>> +>> (structure) +>> +>>> A string filter for filtering Security Hub CSPM findings. +>>> +>>> Value -> (string) +>>> +>>>> The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is `Security Hub CSPM` . If you provide `security hub` as the filter value, there’s no match. +>>>> +>>>> Constraints: +>>>> +>>>> * pattern: `.*\S.*` +>>>> + +>>> +>>> Comparison -> (string) +>>> +>>>> The condition to apply to a string value when filtering Security Hub CSPM findings. +>>>> +>>>> To search for values that have the filter value, use one of the following comparison operators: +>>>> +>>>> * To search for values that include the filter value, use `CONTAINS` . For example, the filter `Title CONTAINS CloudFront` matches findings that have a `Title` that includes the string CloudFront. +>>>> * To search for values that exactly match the filter value, use `EQUALS` . For example, the filter `AwsAccountId EQUALS 123456789012` only matches findings that have an account ID of `123456789012` . +>>>> * To search for values that start with the filter value, use `PREFIX` . For example, the filter `ResourceRegion PREFIX us` matches findings that have a `ResourceRegion` that starts with `us` . A `ResourceRegion` that starts with a different value, such as `af` , `ap` , or `ca` , doesn’t match. +>>>> + +>>>> +>>>>> `CONTAINS` , `EQUALS` , and `PREFIX` filters on the same field are joined by `OR` . A finding matches if it matches any one of those filters. For example, the filters `Title CONTAINS CloudFront OR Title CONTAINS CloudWatch` match a finding that includes either `CloudFront` , `CloudWatch` , or both strings in the title. +>>>> +>>>> To search for values that don’t have the filter value, use one of the following comparison operators: +>>>> +>>>> * To search for values that exclude the filter value, use `NOT_CONTAINS` . For example, the filter `Title NOT_CONTAINS CloudFront` matches findings that have a `Title` that excludes the string CloudFront. +>>>> * To search for values other than the filter value, use `NOT_EQUALS` . For example, the filter `AwsAccountId NOT_EQUALS 123456789012` only matches findings that have an account ID other than `123456789012` . +>>>> * To search for values that don’t start with the filter value, use `PREFIX_NOT_EQUALS` . For example, the filter `ResourceRegion PREFIX_NOT_EQUALS us` matches findings with a `ResourceRegion` that starts with a value other than `us` . +>>>> + +>>>> +>>>>> `NOT_CONTAINS` , `NOT_EQUALS` , and `PREFIX_NOT_EQUALS` filters on the same field are joined by `AND` . A finding matches only if it matches all of those filters. For example, the filters `Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch` match a finding that excludes both `CloudFront` and `CloudWatch` in the title. +>>>> +>>>> You can’t have both a `CONTAINS` filter and a `NOT_CONTAINS` filter on the same field. Similarly, you can’t provide both an `EQUALS` filter and a `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filter on the same field. Combining filters in this way returns an error. `CONTAINS` filters can only be used with other `CONTAINS` filters. `NOT_CONTAINS` filters can only be used with other `NOT_CONTAINS` filters. +>>>> +>>>> You can combine `PREFIX` filters with `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters for the same field. Security Hub CSPM first processes the `PREFIX` filters, and then the `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters. +>>>> +>>>> For example, for the following filters, Security Hub CSPM first identifies findings that have resource types that start with either `AwsIam` or `AwsEc2` . It then excludes findings that have a resource type of `AwsIamPolicy` and findings that have a resource type of `AwsEc2NetworkInterface` . +>>>> +>>>> * `ResourceType PREFIX AwsIam` +>>>> * `ResourceType PREFIX AwsEc2` +>>>> * `ResourceType NOT_EQUALS AwsIamPolicy` +>>>> * `ResourceType NOT_EQUALS AwsEc2NetworkInterface` +>>>> + +>>>> +>>>> The `CONTAINS` operator works with automation rules V1 and V2. The `NOT_CONTAINS` operator works only with automation rules V1. The `CONTAINS_WORD` operator works only in the `GetFindingsV2` , `GetFindingStatisticsV2` , `GetResourcesV2` , and `GetResourcesStatisticsV2` APIs. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the _Security Hub CSPM User Guide_ . +>>>> +>>>> Possible values: +>>>> +>>>> * `EQUALS` +>>>> * `PREFIX` +>>>> * `NOT_EQUALS` +>>>> * `PREFIX_NOT_EQUALS` +>>>> * `CONTAINS` +>>>> * `NOT_CONTAINS` +>>>> * `CONTAINS_WORD` +>>>> + +> +> ResourceProvider -> (list) +> +>> The cloud provider that the resource belongs to. Valid values are `AWS` and `Azure` . +>> +>> (structure) +>> +>>> A string filter for filtering Security Hub CSPM findings. +>>> +>>> Value -> (string) +>>> +>>>> The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is `Security Hub CSPM` . If you provide `security hub` as the filter value, there’s no match. +>>>> +>>>> Constraints: +>>>> +>>>> * pattern: `.*\S.*` +>>>> + +>>> +>>> Comparison -> (string) +>>> +>>>> The condition to apply to a string value when filtering Security Hub CSPM findings. +>>>> +>>>> To search for values that have the filter value, use one of the following comparison operators: +>>>> +>>>> * To search for values that include the filter value, use `CONTAINS` . For example, the filter `Title CONTAINS CloudFront` matches findings that have a `Title` that includes the string CloudFront. +>>>> * To search for values that exactly match the filter value, use `EQUALS` . For example, the filter `AwsAccountId EQUALS 123456789012` only matches findings that have an account ID of `123456789012` . +>>>> * To search for values that start with the filter value, use `PREFIX` . For example, the filter `ResourceRegion PREFIX us` matches findings that have a `ResourceRegion` that starts with `us` . A `ResourceRegion` that starts with a different value, such as `af` , `ap` , or `ca` , doesn’t match. +>>>> + +>>>> +>>>>> `CONTAINS` , `EQUALS` , and `PREFIX` filters on the same field are joined by `OR` . A finding matches if it matches any one of those filters. For example, the filters `Title CONTAINS CloudFront OR Title CONTAINS CloudWatch` match a finding that includes either `CloudFront` , `CloudWatch` , or both strings in the title. +>>>> +>>>> To search for values that don’t have the filter value, use one of the following comparison operators: +>>>> +>>>> * To search for values that exclude the filter value, use `NOT_CONTAINS` . For example, the filter `Title NOT_CONTAINS CloudFront` matches findings that have a `Title` that excludes the string CloudFront. +>>>> * To search for values other than the filter value, use `NOT_EQUALS` . For example, the filter `AwsAccountId NOT_EQUALS 123456789012` only matches findings that have an account ID other than `123456789012` . +>>>> * To search for values that don’t start with the filter value, use `PREFIX_NOT_EQUALS` . For example, the filter `ResourceRegion PREFIX_NOT_EQUALS us` matches findings with a `ResourceRegion` that starts with a value other than `us` . +>>>> + +>>>> +>>>>> `NOT_CONTAINS` , `NOT_EQUALS` , and `PREFIX_NOT_EQUALS` filters on the same field are joined by `AND` . A finding matches only if it matches all of those filters. For example, the filters `Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch` match a finding that excludes both `CloudFront` and `CloudWatch` in the title. +>>>> +>>>> You can’t have both a `CONTAINS` filter and a `NOT_CONTAINS` filter on the same field. Similarly, you can’t provide both an `EQUALS` filter and a `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filter on the same field. Combining filters in this way returns an error. `CONTAINS` filters can only be used with other `CONTAINS` filters. `NOT_CONTAINS` filters can only be used with other `NOT_CONTAINS` filters. +>>>> +>>>> You can combine `PREFIX` filters with `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters for the same field. Security Hub CSPM first processes the `PREFIX` filters, and then the `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters. +>>>> +>>>> For example, for the following filters, Security Hub CSPM first identifies findings that have resource types that start with either `AwsIam` or `AwsEc2` . It then excludes findings that have a resource type of `AwsIamPolicy` and findings that have a resource type of `AwsEc2NetworkInterface` . +>>>> +>>>> * `ResourceType PREFIX AwsIam` +>>>> * `ResourceType PREFIX AwsEc2` +>>>> * `ResourceType NOT_EQUALS AwsIamPolicy` +>>>> * `ResourceType NOT_EQUALS AwsEc2NetworkInterface` +>>>>