2020/03/26 - AWS SecurityHub - 2 updated api methods
Changes Security Hub has now made it easier to opt out of default standards when you enable Security Hub. We added a new Boolean parameter to EnableSecurityHub called EnableDefaultStandards. If that parameter is true, Security Hub's default standards are enabled. A new Boolean parameter for standards, EnabledByDefault, indicates whether a standard is a default standard. Today, the only default standard is CIS AWS Foundations Benchmark v1.2. Additional default standards will be added in the future.To learn more, visit our documentation on the EnableSecurityHub API action.
{'Standards': {'EnabledByDefault': 'boolean'}}
Returns a list of the available standards in Security Hub.
For each standard, the results include the standard ARN, the name, and a description.
See also: AWS API Documentation
Request Syntax
client.describe_standards( NextToken='string', MaxResults=123 )
string
The token that is required for pagination. On your first call to the DescribeStandards operation, set the value of this parameter to NULL .
For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
integer
The maximum number of standards to return.
dict
Response Syntax
{ 'Standards': [ { 'StandardsArn': 'string', 'Name': 'string', 'Description': 'string', 'EnabledByDefault': True|False }, ], 'NextToken': 'string' }
Response Structure
(dict) --
Standards (list) --
A list of available standards.
(dict) --
Provides information about a specific standard.
StandardsArn (string) --
The ARN of a standard.
Name (string) --
The name of the standard.
Description (string) --
A description of the standard.
EnabledByDefault (boolean) --
Whether the standard is enabled by default. When Security Hub is enabled from the console, if a standard is enabled by default, the check box for that standard is selected by default.
When Security Hub is enabled using the EnableSecurityHub API operation, the standard is enabled by default unless EnableDefaultStandards is set to false .
NextToken (string) --
The pagination token to use to request the next page of results.
{'EnableDefaultStandards': 'boolean'}
Enables Security Hub for your account in the current Region or the Region you specify in the request.
When you enable Security Hub, you grant to Security Hub the permissions necessary to gather findings from other services that are integrated with Security Hub.
When you use the EnableSecurityHub operation to enable Security Hub, you also automatically enable the CIS AWS Foundations standard. You do not enable the Payment Card Industry Data Security Standard (PCI DSS) standard. To not enable the CIS AWS Foundations standard, set EnableDefaultStandards to false .
After you enable Security Hub, to enable a standard, use the `` BatchEnableStandards `` operation. To disable a standard, use the `` BatchDisableStandards `` operation.
To learn more, see Setting Up AWS Security Hub in the AWS Security Hub User Guide .
See also: AWS API Documentation
Request Syntax
client.enable_security_hub( Tags={ 'string': 'string' }, EnableDefaultStandards=True|False )
dict
The tags to add to the Hub resource when you enable Security Hub.
(string) --
(string) --
boolean
Whether to enable the security standards that Security Hub has designated as automatically enabled. If you do not provide a value for EnableDefaultStandards , it is set to true . To not enable the automatically enabled standards, set EnableDefaultStandards to false .
dict
Response Syntax
{}
Response Structure
(dict) --