2020/01/15 - AWS SecurityHub - 2 new api methods
Changes Add support for DescribeStandardsControls and UpdateStandardsControl. These new Security Hub API operations are used to track and manage whether a compliance standards control is enabled.
Used to control whether an individual compliance standard control is enabled or disabled.
See also: AWS API Documentation
Request Syntax
client.update_standards_control( StandardsControlArn='string', ControlStatus='ENABLED'|'DISABLED', DisabledReason='string' )
string
[REQUIRED]
The ARN of the compliance standard control to enable or disable.
string
The updated status of the compliance standard control.
string
A description of the reason why you are disabling a compliance standard control.
dict
Response Syntax
{}
Response Structure
(dict) --
Returns a list of compliance standards controls.
For each control, the results include information about whether it is currently enabled, the severity, and a link to remediation information.
See also: AWS API Documentation
Request Syntax
client.describe_standards_controls( StandardsSubscriptionArn='string', NextToken='string', MaxResults=123 )
string
[REQUIRED]
The ARN of a resource that represents your subscription to a supported standard.
string
For requests to get the next page of results, the pagination token that was returned with the previous set of results. The initial request does not include a pagination token.
integer
The maximum number of compliance standard controls to return.
dict
Response Syntax
{ 'Controls': [ { 'StandardsControlArn': 'string', 'ControlStatus': 'ENABLED'|'DISABLED', 'DisabledReason': 'string', 'ControlStatusUpdatedAt': datetime(2015, 1, 1), 'ControlId': 'string', 'Title': 'string', 'Description': 'string', 'RemediationUrl': 'string', 'SeverityRating': 'LOW'|'MEDIUM'|'HIGH'|'CRITICAL' }, ], 'NextToken': 'string' }
Response Structure
(dict) --
Controls (list) --
A list of compliance standards controls.
(dict) --
Details for an individual compliance standard control.
StandardsControlArn (string) --
The ARN of the compliance standard control.
ControlStatus (string) --
The current status of the compliance standard control. Indicates whether the control is enabled or disabled. Security Hub does not check against disabled controls.
DisabledReason (string) --
The reason provided for the most recent change in status for the control.
ControlStatusUpdatedAt (datetime) --
The date and time that the status of the compliance standard control was most recently updated.
ControlId (string) --
The identifier of the compliance standard control.
Title (string) --
The title of the compliance standard control.
Description (string) --
The longer description of the compliance standard control. Provides information about what the control is checking for.
RemediationUrl (string) --
A link to remediation information for the control in the Security Hub user documentation
SeverityRating (string) --
The severity of findings generated from this compliance standard control.
The finding severity is based on an assessment of how easy it would be to compromise AWS resources if the compliance issue is detected.
NextToken (string) --
If there are more compliance standards control remaining in the results, then this is the pagination token to use to request the next page of compliance standard controls.